1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * Copyright (C) 2004,2007,2008 IBM Corporation |
4 | * |
5 | * Authors: |
6 | * Leendert van Doorn <leendert@watson.ibm.com> |
7 | * Dave Safford <safford@watson.ibm.com> |
8 | * Reiner Sailer <sailer@watson.ibm.com> |
9 | * Kylene Hall <kjhall@us.ibm.com> |
10 | * Debora Velarde <dvelarde@us.ibm.com> |
11 | * |
12 | * Maintained by: <tpmdd_devel@lists.sourceforge.net> |
13 | * |
14 | * Device driver for TCG/TCPA TPM (trusted platform module). |
15 | * Specifications at www.trustedcomputinggroup.org |
16 | */ |
17 | #ifndef __LINUX_TPM_H__ |
18 | #define __LINUX_TPM_H__ |
19 | |
20 | #include <linux/hw_random.h> |
21 | #include <linux/acpi.h> |
22 | #include <linux/cdev.h> |
23 | #include <linux/fs.h> |
24 | #include <linux/highmem.h> |
25 | #include <crypto/hash_info.h> |
26 | |
27 | #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ |
28 | #define TPM_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE |
29 | |
30 | struct tpm_chip; |
31 | struct trusted_key_payload; |
32 | struct trusted_key_options; |
33 | |
34 | /* if you add a new hash to this, increment TPM_MAX_HASHES below */ |
35 | enum tpm_algorithms { |
36 | TPM_ALG_ERROR = 0x0000, |
37 | TPM_ALG_SHA1 = 0x0004, |
38 | TPM_ALG_KEYEDHASH = 0x0008, |
39 | TPM_ALG_SHA256 = 0x000B, |
40 | TPM_ALG_SHA384 = 0x000C, |
41 | TPM_ALG_SHA512 = 0x000D, |
42 | TPM_ALG_NULL = 0x0010, |
43 | TPM_ALG_SM3_256 = 0x0012, |
44 | }; |
45 | |
46 | /* |
47 | * maximum number of hashing algorithms a TPM can have. This is |
48 | * basically a count of every hash in tpm_algorithms above |
49 | */ |
50 | #define TPM_MAX_HASHES 5 |
51 | |
52 | struct tpm_digest { |
53 | u16 alg_id; |
54 | u8 digest[TPM_MAX_DIGEST_SIZE]; |
55 | } __packed; |
56 | |
57 | struct tpm_bank_info { |
58 | u16 alg_id; |
59 | u16 digest_size; |
60 | u16 crypto_id; |
61 | }; |
62 | |
63 | enum TPM_OPS_FLAGS { |
64 | TPM_OPS_AUTO_STARTUP = BIT(0), |
65 | }; |
66 | |
67 | struct tpm_class_ops { |
68 | unsigned int flags; |
69 | const u8 req_complete_mask; |
70 | const u8 req_complete_val; |
71 | bool (*req_canceled)(struct tpm_chip *chip, u8 status); |
72 | int (*recv) (struct tpm_chip *chip, u8 *buf, size_t len); |
73 | int (*send) (struct tpm_chip *chip, u8 *buf, size_t len); |
74 | void (*cancel) (struct tpm_chip *chip); |
75 | u8 (*status) (struct tpm_chip *chip); |
76 | void (*update_timeouts)(struct tpm_chip *chip, |
77 | unsigned long *timeout_cap); |
78 | void (*update_durations)(struct tpm_chip *chip, |
79 | unsigned long *duration_cap); |
80 | int (*go_idle)(struct tpm_chip *chip); |
81 | int (*cmd_ready)(struct tpm_chip *chip); |
82 | int (*request_locality)(struct tpm_chip *chip, int loc); |
83 | int (*relinquish_locality)(struct tpm_chip *chip, int loc); |
84 | void (*clk_enable)(struct tpm_chip *chip, bool value); |
85 | }; |
86 | |
87 | #define TPM_NUM_EVENT_LOG_FILES 3 |
88 | |
89 | /* Indexes the duration array */ |
90 | enum tpm_duration { |
91 | TPM_SHORT = 0, |
92 | TPM_MEDIUM = 1, |
93 | TPM_LONG = 2, |
94 | TPM_LONG_LONG = 3, |
95 | TPM_UNDEFINED, |
96 | TPM_NUM_DURATIONS = TPM_UNDEFINED, |
97 | }; |
98 | |
99 | #define TPM_PPI_VERSION_LEN 3 |
100 | |
101 | struct tpm_space { |
102 | u32 context_tbl[3]; |
103 | u8 *context_buf; |
104 | u32 session_tbl[3]; |
105 | u8 *session_buf; |
106 | u32 buf_size; |
107 | }; |
108 | |
109 | struct tpm_bios_log { |
110 | void *bios_event_log; |
111 | void *bios_event_log_end; |
112 | }; |
113 | |
114 | struct tpm_chip_seqops { |
115 | struct tpm_chip *chip; |
116 | const struct seq_operations *seqops; |
117 | }; |
118 | |
119 | struct tpm_chip { |
120 | struct device dev; |
121 | struct device devs; |
122 | struct cdev cdev; |
123 | struct cdev cdevs; |
124 | |
125 | /* A driver callback under ops cannot be run unless ops_sem is held |
126 | * (sometimes implicitly, eg for the sysfs code). ops becomes null |
127 | * when the driver is unregistered, see tpm_try_get_ops. |
128 | */ |
129 | struct rw_semaphore ops_sem; |
130 | const struct tpm_class_ops *ops; |
131 | |
132 | struct tpm_bios_log log; |
133 | struct tpm_chip_seqops bin_log_seqops; |
134 | struct tpm_chip_seqops ascii_log_seqops; |
135 | |
136 | unsigned int flags; |
137 | |
138 | int dev_num; /* /dev/tpm# */ |
139 | unsigned long is_open; /* only one allowed */ |
140 | |
141 | char hwrng_name[64]; |
142 | struct hwrng hwrng; |
143 | |
144 | struct mutex tpm_mutex; /* tpm is processing */ |
145 | |
146 | unsigned long timeout_a; /* jiffies */ |
147 | unsigned long timeout_b; /* jiffies */ |
148 | unsigned long timeout_c; /* jiffies */ |
149 | unsigned long timeout_d; /* jiffies */ |
150 | bool timeout_adjusted; |
151 | unsigned long duration[TPM_NUM_DURATIONS]; /* jiffies */ |
152 | bool duration_adjusted; |
153 | |
154 | struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES]; |
155 | |
156 | const struct attribute_group *groups[3 + TPM_MAX_HASHES]; |
157 | unsigned int groups_cnt; |
158 | |
159 | u32 nr_allocated_banks; |
160 | struct tpm_bank_info *allocated_banks; |
161 | #ifdef CONFIG_ACPI |
162 | acpi_handle acpi_dev_handle; |
163 | char ppi_version[TPM_PPI_VERSION_LEN + 1]; |
164 | #endif /* CONFIG_ACPI */ |
165 | |
166 | struct tpm_space work_space; |
167 | u32 last_cc; |
168 | u32 nr_commands; |
169 | u32 *cc_attrs_tbl; |
170 | |
171 | /* active locality */ |
172 | int locality; |
173 | }; |
174 | |
175 | #define 10 |
176 | |
177 | enum tpm2_const { |
178 | TPM2_PLATFORM_PCR = 24, |
179 | TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8), |
180 | }; |
181 | |
182 | enum tpm2_timeouts { |
183 | TPM2_TIMEOUT_A = 750, |
184 | TPM2_TIMEOUT_B = 2000, |
185 | TPM2_TIMEOUT_C = 200, |
186 | TPM2_TIMEOUT_D = 30, |
187 | TPM2_DURATION_SHORT = 20, |
188 | TPM2_DURATION_MEDIUM = 750, |
189 | TPM2_DURATION_LONG = 2000, |
190 | TPM2_DURATION_LONG_LONG = 300000, |
191 | TPM2_DURATION_DEFAULT = 120000, |
192 | }; |
193 | |
194 | enum tpm2_structures { |
195 | TPM2_ST_NO_SESSIONS = 0x8001, |
196 | TPM2_ST_SESSIONS = 0x8002, |
197 | }; |
198 | |
199 | /* Indicates from what layer of the software stack the error comes from */ |
200 | #define TSS2_RC_LAYER_SHIFT 16 |
201 | #define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT) |
202 | |
203 | enum tpm2_return_codes { |
204 | TPM2_RC_SUCCESS = 0x0000, |
205 | TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ |
206 | TPM2_RC_HANDLE = 0x008B, |
207 | TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ |
208 | TPM2_RC_FAILURE = 0x0101, |
209 | TPM2_RC_DISABLED = 0x0120, |
210 | TPM2_RC_UPGRADE = 0x012D, |
211 | TPM2_RC_COMMAND_CODE = 0x0143, |
212 | TPM2_RC_TESTING = 0x090A, /* RC_WARN */ |
213 | TPM2_RC_REFERENCE_H0 = 0x0910, |
214 | TPM2_RC_RETRY = 0x0922, |
215 | }; |
216 | |
217 | enum tpm2_command_codes { |
218 | TPM2_CC_FIRST = 0x011F, |
219 | TPM2_CC_HIERARCHY_CONTROL = 0x0121, |
220 | TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129, |
221 | TPM2_CC_CREATE_PRIMARY = 0x0131, |
222 | TPM2_CC_SEQUENCE_COMPLETE = 0x013E, |
223 | TPM2_CC_SELF_TEST = 0x0143, |
224 | TPM2_CC_STARTUP = 0x0144, |
225 | TPM2_CC_SHUTDOWN = 0x0145, |
226 | TPM2_CC_NV_READ = 0x014E, |
227 | TPM2_CC_CREATE = 0x0153, |
228 | TPM2_CC_LOAD = 0x0157, |
229 | TPM2_CC_SEQUENCE_UPDATE = 0x015C, |
230 | TPM2_CC_UNSEAL = 0x015E, |
231 | TPM2_CC_CONTEXT_LOAD = 0x0161, |
232 | TPM2_CC_CONTEXT_SAVE = 0x0162, |
233 | TPM2_CC_FLUSH_CONTEXT = 0x0165, |
234 | TPM2_CC_VERIFY_SIGNATURE = 0x0177, |
235 | TPM2_CC_GET_CAPABILITY = 0x017A, |
236 | TPM2_CC_GET_RANDOM = 0x017B, |
237 | TPM2_CC_PCR_READ = 0x017E, |
238 | TPM2_CC_PCR_EXTEND = 0x0182, |
239 | TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185, |
240 | TPM2_CC_HASH_SEQUENCE_START = 0x0186, |
241 | TPM2_CC_CREATE_LOADED = 0x0191, |
242 | TPM2_CC_LAST = 0x0193, /* Spec 1.36 */ |
243 | }; |
244 | |
245 | enum tpm2_permanent_handles { |
246 | TPM2_RS_PW = 0x40000009, |
247 | }; |
248 | |
249 | enum tpm2_capabilities { |
250 | TPM2_CAP_HANDLES = 1, |
251 | TPM2_CAP_COMMANDS = 2, |
252 | TPM2_CAP_PCRS = 5, |
253 | TPM2_CAP_TPM_PROPERTIES = 6, |
254 | }; |
255 | |
256 | enum tpm2_properties { |
257 | TPM_PT_TOTAL_COMMANDS = 0x0129, |
258 | }; |
259 | |
260 | enum tpm2_startup_types { |
261 | TPM2_SU_CLEAR = 0x0000, |
262 | TPM2_SU_STATE = 0x0001, |
263 | }; |
264 | |
265 | enum tpm2_cc_attrs { |
266 | TPM2_CC_ATTR_CHANDLES = 25, |
267 | TPM2_CC_ATTR_RHANDLE = 28, |
268 | TPM2_CC_ATTR_VENDOR = 29, |
269 | }; |
270 | |
271 | #define TPM_VID_INTEL 0x8086 |
272 | #define TPM_VID_WINBOND 0x1050 |
273 | #define TPM_VID_STM 0x104A |
274 | #define TPM_VID_ATML 0x1114 |
275 | |
276 | enum tpm_chip_flags { |
277 | TPM_CHIP_FLAG_BOOTSTRAPPED = BIT(0), |
278 | TPM_CHIP_FLAG_TPM2 = BIT(1), |
279 | TPM_CHIP_FLAG_IRQ = BIT(2), |
280 | TPM_CHIP_FLAG_VIRTUAL = BIT(3), |
281 | TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4), |
282 | TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(5), |
283 | TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(6), |
284 | TPM_CHIP_FLAG_FIRMWARE_UPGRADE = BIT(7), |
285 | TPM_CHIP_FLAG_SUSPENDED = BIT(8), |
286 | TPM_CHIP_FLAG_HWRNG_DISABLED = BIT(9), |
287 | }; |
288 | |
289 | #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev) |
290 | |
291 | struct { |
292 | __be16 ; |
293 | __be32 ; |
294 | union { |
295 | __be32 ; |
296 | __be32 ; |
297 | }; |
298 | } __packed; |
299 | |
300 | /* A string buffer type for constructing TPM commands. This is based on the |
301 | * ideas of string buffer code in security/keys/trusted.h but is heap based |
302 | * in order to keep the stack usage minimal. |
303 | */ |
304 | |
305 | enum tpm_buf_flags { |
306 | TPM_BUF_OVERFLOW = BIT(0), |
307 | }; |
308 | |
309 | struct tpm_buf { |
310 | unsigned int flags; |
311 | u8 *data; |
312 | }; |
313 | |
314 | enum tpm2_object_attributes { |
315 | TPM2_OA_FIXED_TPM = BIT(1), |
316 | TPM2_OA_FIXED_PARENT = BIT(4), |
317 | TPM2_OA_USER_WITH_AUTH = BIT(6), |
318 | }; |
319 | |
320 | enum tpm2_session_attributes { |
321 | TPM2_SA_CONTINUE_SESSION = BIT(0), |
322 | }; |
323 | |
324 | struct tpm2_hash { |
325 | unsigned int crypto_id; |
326 | unsigned int tpm_id; |
327 | }; |
328 | |
329 | static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) |
330 | { |
331 | struct tpm_header *head = (struct tpm_header *)buf->data; |
332 | |
333 | head->tag = cpu_to_be16(tag); |
334 | head->length = cpu_to_be32(sizeof(*head)); |
335 | head->ordinal = cpu_to_be32(ordinal); |
336 | } |
337 | |
338 | static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) |
339 | { |
340 | buf->data = (u8 *)__get_free_page(GFP_KERNEL); |
341 | if (!buf->data) |
342 | return -ENOMEM; |
343 | |
344 | buf->flags = 0; |
345 | tpm_buf_reset(buf, tag, ordinal); |
346 | return 0; |
347 | } |
348 | |
349 | static inline void tpm_buf_destroy(struct tpm_buf *buf) |
350 | { |
351 | free_page((unsigned long)buf->data); |
352 | } |
353 | |
354 | static inline u32 tpm_buf_length(struct tpm_buf *buf) |
355 | { |
356 | struct tpm_header *head = (struct tpm_header *)buf->data; |
357 | |
358 | return be32_to_cpu(head->length); |
359 | } |
360 | |
361 | static inline u16 tpm_buf_tag(struct tpm_buf *buf) |
362 | { |
363 | struct tpm_header *head = (struct tpm_header *)buf->data; |
364 | |
365 | return be16_to_cpu(head->tag); |
366 | } |
367 | |
368 | static inline void tpm_buf_append(struct tpm_buf *buf, |
369 | const unsigned char *new_data, |
370 | unsigned int new_len) |
371 | { |
372 | struct tpm_header *head = (struct tpm_header *)buf->data; |
373 | u32 len = tpm_buf_length(buf); |
374 | |
375 | /* Return silently if overflow has already happened. */ |
376 | if (buf->flags & TPM_BUF_OVERFLOW) |
377 | return; |
378 | |
379 | if ((len + new_len) > PAGE_SIZE) { |
380 | WARN(1, "tpm_buf: overflow\n" ); |
381 | buf->flags |= TPM_BUF_OVERFLOW; |
382 | return; |
383 | } |
384 | |
385 | memcpy(&buf->data[len], new_data, new_len); |
386 | head->length = cpu_to_be32(len + new_len); |
387 | } |
388 | |
389 | static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) |
390 | { |
391 | tpm_buf_append(buf, new_data: &value, new_len: 1); |
392 | } |
393 | |
394 | static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) |
395 | { |
396 | __be16 value2 = cpu_to_be16(value); |
397 | |
398 | tpm_buf_append(buf, new_data: (u8 *) &value2, new_len: 2); |
399 | } |
400 | |
401 | static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) |
402 | { |
403 | __be32 value2 = cpu_to_be32(value); |
404 | |
405 | tpm_buf_append(buf, new_data: (u8 *) &value2, new_len: 4); |
406 | } |
407 | |
408 | /* |
409 | * Check if TPM device is in the firmware upgrade mode. |
410 | */ |
411 | static inline bool tpm_is_firmware_upgrade(struct tpm_chip *chip) |
412 | { |
413 | return chip->flags & TPM_CHIP_FLAG_FIRMWARE_UPGRADE; |
414 | } |
415 | |
416 | static inline u32 tpm2_rc_value(u32 rc) |
417 | { |
418 | return (rc & BIT(7)) ? rc & 0xff : rc; |
419 | } |
420 | |
421 | #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) |
422 | |
423 | extern int tpm_is_tpm2(struct tpm_chip *chip); |
424 | extern __must_check int tpm_try_get_ops(struct tpm_chip *chip); |
425 | extern void tpm_put_ops(struct tpm_chip *chip); |
426 | extern ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf, |
427 | size_t min_rsp_body_length, const char *desc); |
428 | extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, |
429 | struct tpm_digest *digest); |
430 | extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, |
431 | struct tpm_digest *digests); |
432 | extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen); |
433 | extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); |
434 | extern struct tpm_chip *tpm_default_chip(void); |
435 | void tpm2_flush_context(struct tpm_chip *chip, u32 handle); |
436 | #else |
437 | static inline int tpm_is_tpm2(struct tpm_chip *chip) |
438 | { |
439 | return -ENODEV; |
440 | } |
441 | static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, |
442 | struct tpm_digest *digest) |
443 | { |
444 | return -ENODEV; |
445 | } |
446 | |
447 | static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, |
448 | struct tpm_digest *digests) |
449 | { |
450 | return -ENODEV; |
451 | } |
452 | |
453 | static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) |
454 | { |
455 | return -ENODEV; |
456 | } |
457 | static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max) |
458 | { |
459 | return -ENODEV; |
460 | } |
461 | |
462 | static inline struct tpm_chip *tpm_default_chip(void) |
463 | { |
464 | return NULL; |
465 | } |
466 | #endif |
467 | #endif |
468 | |