1 /*
2  * Copyright (C) 2004 IBM Corporation
3  *
4  * Authors:
5  * Leendert van Doorn <leendert@watson.ibm.com>
6  * Dave Safford <safford@watson.ibm.com>
7  * Reiner Sailer <sailer@watson.ibm.com>
8  * Kylene Hall <kjhall@us.ibm.com>
9  *
10  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11  *
12  * Device driver for TCG/TCPA TPM (trusted platform module).
13  * Specifications at www.trustedcomputinggroup.org
14  *
15  * This program is free software; you can redistribute it and/or
16  * modify it under the terms of the GNU General Public License as
17  * published by the Free Software Foundation, version 2 of the
18  * License.
19  *
20  * Note, the TPM chip is not interrupt driven (only polling)
21  * and can have very long timeouts (minutes!). Hence the unusual
22  * calls to msleep.
23  *
24  */
25 
26 #include <linux/poll.h>
27 #include <linux/slab.h>
28 #include <linux/mutex.h>
29 #include <linux/spinlock.h>
30 #include <linux/freezer.h>
31 
32 #include "tpm.h"
33 
34 enum tpm_const {
35 	TPM_MINOR = 224,	/* officially assigned */
36 	TPM_BUFSIZE = 4096,
37 	TPM_NUM_DEVICES = 256,
38 };
39 
40 enum tpm_duration {
41 	TPM_SHORT = 0,
42 	TPM_MEDIUM = 1,
43 	TPM_LONG = 2,
44 	TPM_UNDEFINED,
45 };
46 
47 #define TPM_MAX_ORDINAL 243
48 #define TPM_MAX_PROTECTED_ORDINAL 12
49 #define TPM_PROTECTED_ORDINAL_MASK 0xFF
50 
51 /*
52  * Bug workaround - some TPM's don't flush the most
53  * recently changed pcr on suspend, so force the flush
54  * with an extend to the selected _unused_ non-volatile pcr.
55  */
56 static int tpm_suspend_pcr;
57 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644);
58 MODULE_PARM_DESC(suspend_pcr,
59 		 "PCR to use for dummy writes to faciltate flush on suspend.");
60 
61 static LIST_HEAD(tpm_chip_list);
62 static DEFINE_SPINLOCK(driver_lock);
63 static DECLARE_BITMAP(dev_mask, TPM_NUM_DEVICES);
64 
65 /*
66  * Array with one entry per ordinal defining the maximum amount
67  * of time the chip could take to return the result.  The ordinal
68  * designation of short, medium or long is defined in a table in
69  * TCG Specification TPM Main Part 2 TPM Structures Section 17. The
70  * values of the SHORT, MEDIUM, and LONG durations are retrieved
71  * from the chip during initialization with a call to tpm_get_timeouts.
72  */
73 static const u8 tpm_protected_ordinal_duration[TPM_MAX_PROTECTED_ORDINAL] = {
74 	TPM_UNDEFINED,		/* 0 */
75 	TPM_UNDEFINED,
76 	TPM_UNDEFINED,
77 	TPM_UNDEFINED,
78 	TPM_UNDEFINED,
79 	TPM_UNDEFINED,		/* 5 */
80 	TPM_UNDEFINED,
81 	TPM_UNDEFINED,
82 	TPM_UNDEFINED,
83 	TPM_UNDEFINED,
84 	TPM_SHORT,		/* 10 */
85 	TPM_SHORT,
86 };
87 
88 static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = {
89 	TPM_UNDEFINED,		/* 0 */
90 	TPM_UNDEFINED,
91 	TPM_UNDEFINED,
92 	TPM_UNDEFINED,
93 	TPM_UNDEFINED,
94 	TPM_UNDEFINED,		/* 5 */
95 	TPM_UNDEFINED,
96 	TPM_UNDEFINED,
97 	TPM_UNDEFINED,
98 	TPM_UNDEFINED,
99 	TPM_SHORT,		/* 10 */
100 	TPM_SHORT,
101 	TPM_MEDIUM,
102 	TPM_LONG,
103 	TPM_LONG,
104 	TPM_MEDIUM,		/* 15 */
105 	TPM_SHORT,
106 	TPM_SHORT,
107 	TPM_MEDIUM,
108 	TPM_LONG,
109 	TPM_SHORT,		/* 20 */
110 	TPM_SHORT,
111 	TPM_MEDIUM,
112 	TPM_MEDIUM,
113 	TPM_MEDIUM,
114 	TPM_SHORT,		/* 25 */
115 	TPM_SHORT,
116 	TPM_MEDIUM,
117 	TPM_SHORT,
118 	TPM_SHORT,
119 	TPM_MEDIUM,		/* 30 */
120 	TPM_LONG,
121 	TPM_MEDIUM,
122 	TPM_SHORT,
123 	TPM_SHORT,
124 	TPM_SHORT,		/* 35 */
125 	TPM_MEDIUM,
126 	TPM_MEDIUM,
127 	TPM_UNDEFINED,
128 	TPM_UNDEFINED,
129 	TPM_MEDIUM,		/* 40 */
130 	TPM_LONG,
131 	TPM_MEDIUM,
132 	TPM_SHORT,
133 	TPM_SHORT,
134 	TPM_SHORT,		/* 45 */
135 	TPM_SHORT,
136 	TPM_SHORT,
137 	TPM_SHORT,
138 	TPM_LONG,
139 	TPM_MEDIUM,		/* 50 */
140 	TPM_MEDIUM,
141 	TPM_UNDEFINED,
142 	TPM_UNDEFINED,
143 	TPM_UNDEFINED,
144 	TPM_UNDEFINED,		/* 55 */
145 	TPM_UNDEFINED,
146 	TPM_UNDEFINED,
147 	TPM_UNDEFINED,
148 	TPM_UNDEFINED,
149 	TPM_MEDIUM,		/* 60 */
150 	TPM_MEDIUM,
151 	TPM_MEDIUM,
152 	TPM_SHORT,
153 	TPM_SHORT,
154 	TPM_MEDIUM,		/* 65 */
155 	TPM_UNDEFINED,
156 	TPM_UNDEFINED,
157 	TPM_UNDEFINED,
158 	TPM_UNDEFINED,
159 	TPM_SHORT,		/* 70 */
160 	TPM_SHORT,
161 	TPM_UNDEFINED,
162 	TPM_UNDEFINED,
163 	TPM_UNDEFINED,
164 	TPM_UNDEFINED,		/* 75 */
165 	TPM_UNDEFINED,
166 	TPM_UNDEFINED,
167 	TPM_UNDEFINED,
168 	TPM_UNDEFINED,
169 	TPM_LONG,		/* 80 */
170 	TPM_UNDEFINED,
171 	TPM_MEDIUM,
172 	TPM_LONG,
173 	TPM_SHORT,
174 	TPM_UNDEFINED,		/* 85 */
175 	TPM_UNDEFINED,
176 	TPM_UNDEFINED,
177 	TPM_UNDEFINED,
178 	TPM_UNDEFINED,
179 	TPM_SHORT,		/* 90 */
180 	TPM_SHORT,
181 	TPM_SHORT,
182 	TPM_SHORT,
183 	TPM_SHORT,
184 	TPM_UNDEFINED,		/* 95 */
185 	TPM_UNDEFINED,
186 	TPM_UNDEFINED,
187 	TPM_UNDEFINED,
188 	TPM_UNDEFINED,
189 	TPM_MEDIUM,		/* 100 */
190 	TPM_SHORT,
191 	TPM_SHORT,
192 	TPM_UNDEFINED,
193 	TPM_UNDEFINED,
194 	TPM_UNDEFINED,		/* 105 */
195 	TPM_UNDEFINED,
196 	TPM_UNDEFINED,
197 	TPM_UNDEFINED,
198 	TPM_UNDEFINED,
199 	TPM_SHORT,		/* 110 */
200 	TPM_SHORT,
201 	TPM_SHORT,
202 	TPM_SHORT,
203 	TPM_SHORT,
204 	TPM_SHORT,		/* 115 */
205 	TPM_SHORT,
206 	TPM_SHORT,
207 	TPM_UNDEFINED,
208 	TPM_UNDEFINED,
209 	TPM_LONG,		/* 120 */
210 	TPM_LONG,
211 	TPM_MEDIUM,
212 	TPM_UNDEFINED,
213 	TPM_SHORT,
214 	TPM_SHORT,		/* 125 */
215 	TPM_SHORT,
216 	TPM_LONG,
217 	TPM_SHORT,
218 	TPM_SHORT,
219 	TPM_SHORT,		/* 130 */
220 	TPM_MEDIUM,
221 	TPM_UNDEFINED,
222 	TPM_SHORT,
223 	TPM_MEDIUM,
224 	TPM_UNDEFINED,		/* 135 */
225 	TPM_UNDEFINED,
226 	TPM_UNDEFINED,
227 	TPM_UNDEFINED,
228 	TPM_UNDEFINED,
229 	TPM_SHORT,		/* 140 */
230 	TPM_SHORT,
231 	TPM_UNDEFINED,
232 	TPM_UNDEFINED,
233 	TPM_UNDEFINED,
234 	TPM_UNDEFINED,		/* 145 */
235 	TPM_UNDEFINED,
236 	TPM_UNDEFINED,
237 	TPM_UNDEFINED,
238 	TPM_UNDEFINED,
239 	TPM_SHORT,		/* 150 */
240 	TPM_MEDIUM,
241 	TPM_MEDIUM,
242 	TPM_SHORT,
243 	TPM_SHORT,
244 	TPM_UNDEFINED,		/* 155 */
245 	TPM_UNDEFINED,
246 	TPM_UNDEFINED,
247 	TPM_UNDEFINED,
248 	TPM_UNDEFINED,
249 	TPM_SHORT,		/* 160 */
250 	TPM_SHORT,
251 	TPM_SHORT,
252 	TPM_SHORT,
253 	TPM_UNDEFINED,
254 	TPM_UNDEFINED,		/* 165 */
255 	TPM_UNDEFINED,
256 	TPM_UNDEFINED,
257 	TPM_UNDEFINED,
258 	TPM_UNDEFINED,
259 	TPM_LONG,		/* 170 */
260 	TPM_UNDEFINED,
261 	TPM_UNDEFINED,
262 	TPM_UNDEFINED,
263 	TPM_UNDEFINED,
264 	TPM_UNDEFINED,		/* 175 */
265 	TPM_UNDEFINED,
266 	TPM_UNDEFINED,
267 	TPM_UNDEFINED,
268 	TPM_UNDEFINED,
269 	TPM_MEDIUM,		/* 180 */
270 	TPM_SHORT,
271 	TPM_MEDIUM,
272 	TPM_MEDIUM,
273 	TPM_MEDIUM,
274 	TPM_MEDIUM,		/* 185 */
275 	TPM_SHORT,
276 	TPM_UNDEFINED,
277 	TPM_UNDEFINED,
278 	TPM_UNDEFINED,
279 	TPM_UNDEFINED,		/* 190 */
280 	TPM_UNDEFINED,
281 	TPM_UNDEFINED,
282 	TPM_UNDEFINED,
283 	TPM_UNDEFINED,
284 	TPM_UNDEFINED,		/* 195 */
285 	TPM_UNDEFINED,
286 	TPM_UNDEFINED,
287 	TPM_UNDEFINED,
288 	TPM_UNDEFINED,
289 	TPM_SHORT,		/* 200 */
290 	TPM_UNDEFINED,
291 	TPM_UNDEFINED,
292 	TPM_UNDEFINED,
293 	TPM_SHORT,
294 	TPM_SHORT,		/* 205 */
295 	TPM_SHORT,
296 	TPM_SHORT,
297 	TPM_SHORT,
298 	TPM_SHORT,
299 	TPM_MEDIUM,		/* 210 */
300 	TPM_UNDEFINED,
301 	TPM_MEDIUM,
302 	TPM_MEDIUM,
303 	TPM_MEDIUM,
304 	TPM_UNDEFINED,		/* 215 */
305 	TPM_MEDIUM,
306 	TPM_UNDEFINED,
307 	TPM_UNDEFINED,
308 	TPM_SHORT,
309 	TPM_SHORT,		/* 220 */
310 	TPM_SHORT,
311 	TPM_SHORT,
312 	TPM_SHORT,
313 	TPM_SHORT,
314 	TPM_UNDEFINED,		/* 225 */
315 	TPM_UNDEFINED,
316 	TPM_UNDEFINED,
317 	TPM_UNDEFINED,
318 	TPM_UNDEFINED,
319 	TPM_SHORT,		/* 230 */
320 	TPM_LONG,
321 	TPM_MEDIUM,
322 	TPM_UNDEFINED,
323 	TPM_UNDEFINED,
324 	TPM_UNDEFINED,		/* 235 */
325 	TPM_UNDEFINED,
326 	TPM_UNDEFINED,
327 	TPM_UNDEFINED,
328 	TPM_UNDEFINED,
329 	TPM_SHORT,		/* 240 */
330 	TPM_UNDEFINED,
331 	TPM_MEDIUM,
332 };
333 
user_reader_timeout(unsigned long ptr)334 static void user_reader_timeout(unsigned long ptr)
335 {
336 	struct tpm_chip *chip = (struct tpm_chip *) ptr;
337 
338 	schedule_work(&chip->work);
339 }
340 
timeout_work(struct work_struct * work)341 static void timeout_work(struct work_struct *work)
342 {
343 	struct tpm_chip *chip = container_of(work, struct tpm_chip, work);
344 
345 	mutex_lock(&chip->buffer_mutex);
346 	atomic_set(&chip->data_pending, 0);
347 	memset(chip->data_buffer, 0, TPM_BUFSIZE);
348 	mutex_unlock(&chip->buffer_mutex);
349 }
350 
351 /*
352  * Returns max number of jiffies to wait
353  */
tpm_calc_ordinal_duration(struct tpm_chip * chip,u32 ordinal)354 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
355 					   u32 ordinal)
356 {
357 	int duration_idx = TPM_UNDEFINED;
358 	int duration = 0;
359 
360 	if (ordinal < TPM_MAX_ORDINAL)
361 		duration_idx = tpm_ordinal_duration[ordinal];
362 	else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) <
363 		 TPM_MAX_PROTECTED_ORDINAL)
364 		duration_idx =
365 		    tpm_protected_ordinal_duration[ordinal &
366 						   TPM_PROTECTED_ORDINAL_MASK];
367 
368 	if (duration_idx != TPM_UNDEFINED)
369 		duration = chip->vendor.duration[duration_idx];
370 	if (duration <= 0)
371 		return 2 * 60 * HZ;
372 	else
373 		return duration;
374 }
375 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
376 
377 /*
378  * Internal kernel interface to transmit TPM commands
379  */
tpm_transmit(struct tpm_chip * chip,const char * buf,size_t bufsiz)380 static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
381 			    size_t bufsiz)
382 {
383 	ssize_t rc;
384 	u32 count, ordinal;
385 	unsigned long stop;
386 
387 	if (bufsiz > TPM_BUFSIZE)
388 		bufsiz = TPM_BUFSIZE;
389 
390 	count = be32_to_cpu(*((__be32 *) (buf + 2)));
391 	ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
392 	if (count == 0)
393 		return -ENODATA;
394 	if (count > bufsiz) {
395 		dev_err(chip->dev,
396 			"invalid count value %x %zx \n", count, bufsiz);
397 		return -E2BIG;
398 	}
399 
400 	mutex_lock(&chip->tpm_mutex);
401 
402 	if ((rc = chip->vendor.send(chip, (u8 *) buf, count)) < 0) {
403 		dev_err(chip->dev,
404 			"tpm_transmit: tpm_send: error %zd\n", rc);
405 		goto out;
406 	}
407 
408 	if (chip->vendor.irq)
409 		goto out_recv;
410 
411 	stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal);
412 	do {
413 		u8 status = chip->vendor.status(chip);
414 		if ((status & chip->vendor.req_complete_mask) ==
415 		    chip->vendor.req_complete_val)
416 			goto out_recv;
417 
418 		if ((status == chip->vendor.req_canceled)) {
419 			dev_err(chip->dev, "Operation Canceled\n");
420 			rc = -ECANCELED;
421 			goto out;
422 		}
423 
424 		msleep(TPM_TIMEOUT);	/* CHECK */
425 		rmb();
426 	} while (time_before(jiffies, stop));
427 
428 	chip->vendor.cancel(chip);
429 	dev_err(chip->dev, "Operation Timed out\n");
430 	rc = -ETIME;
431 	goto out;
432 
433 out_recv:
434 	rc = chip->vendor.recv(chip, (u8 *) buf, bufsiz);
435 	if (rc < 0)
436 		dev_err(chip->dev,
437 			"tpm_transmit: tpm_recv: error %zd\n", rc);
438 out:
439 	mutex_unlock(&chip->tpm_mutex);
440 	return rc;
441 }
442 
443 #define TPM_DIGEST_SIZE 20
444 #define TPM_RET_CODE_IDX 6
445 
446 enum tpm_capabilities {
447 	TPM_CAP_FLAG = cpu_to_be32(4),
448 	TPM_CAP_PROP = cpu_to_be32(5),
449 	CAP_VERSION_1_1 = cpu_to_be32(0x06),
450 	CAP_VERSION_1_2 = cpu_to_be32(0x1A)
451 };
452 
453 enum tpm_sub_capabilities {
454 	TPM_CAP_PROP_PCR = cpu_to_be32(0x101),
455 	TPM_CAP_PROP_MANUFACTURER = cpu_to_be32(0x103),
456 	TPM_CAP_FLAG_PERM = cpu_to_be32(0x108),
457 	TPM_CAP_FLAG_VOL = cpu_to_be32(0x109),
458 	TPM_CAP_PROP_OWNER = cpu_to_be32(0x111),
459 	TPM_CAP_PROP_TIS_TIMEOUT = cpu_to_be32(0x115),
460 	TPM_CAP_PROP_TIS_DURATION = cpu_to_be32(0x120),
461 
462 };
463 
transmit_cmd(struct tpm_chip * chip,struct tpm_cmd_t * cmd,int len,const char * desc)464 static ssize_t transmit_cmd(struct tpm_chip *chip, struct tpm_cmd_t *cmd,
465 			    int len, const char *desc)
466 {
467 	int err;
468 
469 	len = tpm_transmit(chip,(u8 *) cmd, len);
470 	if (len <  0)
471 		return len;
472 	else if (len < TPM_HEADER_SIZE)
473 		return -EFAULT;
474 
475 	err = be32_to_cpu(cmd->header.out.return_code);
476 	if (err != 0)
477 		dev_err(chip->dev, "A TPM error (%d) occurred %s\n", err, desc);
478 
479 	return err;
480 }
481 
482 #define TPM_INTERNAL_RESULT_SIZE 200
483 #define TPM_TAG_RQU_COMMAND cpu_to_be16(193)
484 #define TPM_ORD_GET_CAP cpu_to_be32(101)
485 
486 static const struct tpm_input_header tpm_getcap_header = {
487 	.tag = TPM_TAG_RQU_COMMAND,
488 	.length = cpu_to_be32(22),
489 	.ordinal = TPM_ORD_GET_CAP
490 };
491 
tpm_getcap(struct device * dev,__be32 subcap_id,cap_t * cap,const char * desc)492 ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap,
493 		   const char *desc)
494 {
495 	struct tpm_cmd_t tpm_cmd;
496 	int rc;
497 	struct tpm_chip *chip = dev_get_drvdata(dev);
498 
499 	tpm_cmd.header.in = tpm_getcap_header;
500 	if (subcap_id == CAP_VERSION_1_1 || subcap_id == CAP_VERSION_1_2) {
501 		tpm_cmd.params.getcap_in.cap = subcap_id;
502 		/*subcap field not necessary */
503 		tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(0);
504 		tpm_cmd.header.in.length -= cpu_to_be32(sizeof(__be32));
505 	} else {
506 		if (subcap_id == TPM_CAP_FLAG_PERM ||
507 		    subcap_id == TPM_CAP_FLAG_VOL)
508 			tpm_cmd.params.getcap_in.cap = TPM_CAP_FLAG;
509 		else
510 			tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
511 		tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
512 		tpm_cmd.params.getcap_in.subcap = subcap_id;
513 	}
514 	rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc);
515 	if (!rc)
516 		*cap = tpm_cmd.params.getcap_out.cap;
517 	return rc;
518 }
519 
tpm_gen_interrupt(struct tpm_chip * chip)520 void tpm_gen_interrupt(struct tpm_chip *chip)
521 {
522 	struct	tpm_cmd_t tpm_cmd;
523 	ssize_t rc;
524 
525 	tpm_cmd.header.in = tpm_getcap_header;
526 	tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
527 	tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
528 	tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
529 
530 	rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
531 			"attempting to determine the timeouts");
532 }
533 EXPORT_SYMBOL_GPL(tpm_gen_interrupt);
534 
tpm_get_timeouts(struct tpm_chip * chip)535 int tpm_get_timeouts(struct tpm_chip *chip)
536 {
537 	struct tpm_cmd_t tpm_cmd;
538 	struct timeout_t *timeout_cap;
539 	struct duration_t *duration_cap;
540 	ssize_t rc;
541 	u32 timeout;
542 	unsigned int scale = 1;
543 
544 	tpm_cmd.header.in = tpm_getcap_header;
545 	tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
546 	tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
547 	tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
548 
549 	rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
550 			"attempting to determine the timeouts");
551 	if (rc)
552 		goto duration;
553 
554 	if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
555 	    be32_to_cpu(tpm_cmd.header.out.length)
556 	    != sizeof(tpm_cmd.header.out) + sizeof(u32) + 4 * sizeof(u32))
557 		return -EINVAL;
558 
559 	timeout_cap = &tpm_cmd.params.getcap_out.cap.timeout;
560 	/* Don't overwrite default if value is 0 */
561 	timeout = be32_to_cpu(timeout_cap->a);
562 	if (timeout && timeout < 1000) {
563 		/* timeouts in msec rather usec */
564 		scale = 1000;
565 		chip->vendor.timeout_adjusted = true;
566 	}
567 	if (timeout)
568 		chip->vendor.timeout_a = usecs_to_jiffies(timeout * scale);
569 	timeout = be32_to_cpu(timeout_cap->b);
570 	if (timeout)
571 		chip->vendor.timeout_b = usecs_to_jiffies(timeout * scale);
572 	timeout = be32_to_cpu(timeout_cap->c);
573 	if (timeout)
574 		chip->vendor.timeout_c = usecs_to_jiffies(timeout * scale);
575 	timeout = be32_to_cpu(timeout_cap->d);
576 	if (timeout)
577 		chip->vendor.timeout_d = usecs_to_jiffies(timeout * scale);
578 
579 duration:
580 	tpm_cmd.header.in = tpm_getcap_header;
581 	tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
582 	tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
583 	tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION;
584 
585 	rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
586 			"attempting to determine the durations");
587 	if (rc)
588 		return rc;
589 
590 	if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
591 	    be32_to_cpu(tpm_cmd.header.out.length)
592 	    != sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32))
593 		return -EINVAL;
594 
595 	duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
596 	chip->vendor.duration[TPM_SHORT] =
597 	    usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
598 	chip->vendor.duration[TPM_MEDIUM] =
599 	    usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_medium));
600 	chip->vendor.duration[TPM_LONG] =
601 	    usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_long));
602 
603 	/* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above
604 	 * value wrong and apparently reports msecs rather than usecs. So we
605 	 * fix up the resulting too-small TPM_SHORT value to make things work.
606 	 * We also scale the TPM_MEDIUM and -_LONG values by 1000.
607 	 */
608 	if (chip->vendor.duration[TPM_SHORT] < (HZ / 100)) {
609 		chip->vendor.duration[TPM_SHORT] = HZ;
610 		chip->vendor.duration[TPM_MEDIUM] *= 1000;
611 		chip->vendor.duration[TPM_LONG] *= 1000;
612 		chip->vendor.duration_adjusted = true;
613 		dev_info(chip->dev, "Adjusting TPM timeout parameters.");
614 	}
615 	return 0;
616 }
617 EXPORT_SYMBOL_GPL(tpm_get_timeouts);
618 
619 #define TPM_ORD_CONTINUE_SELFTEST 83
620 #define CONTINUE_SELFTEST_RESULT_SIZE 10
621 
622 static struct tpm_input_header continue_selftest_header = {
623 	.tag = TPM_TAG_RQU_COMMAND,
624 	.length = cpu_to_be32(10),
625 	.ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST),
626 };
627 
628 /**
629  * tpm_continue_selftest -- run TPM's selftest
630  * @chip: TPM chip to use
631  *
632  * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
633  * a TPM error code.
634  */
tpm_continue_selftest(struct tpm_chip * chip)635 static int tpm_continue_selftest(struct tpm_chip *chip)
636 {
637 	int rc;
638 	struct tpm_cmd_t cmd;
639 
640 	cmd.header.in = continue_selftest_header;
641 	rc = transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE,
642 			  "continue selftest");
643 	return rc;
644 }
645 
tpm_show_enabled(struct device * dev,struct device_attribute * attr,char * buf)646 ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr,
647 			char *buf)
648 {
649 	cap_t cap;
650 	ssize_t rc;
651 
652 	rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap,
653 			 "attempting to determine the permanent enabled state");
654 	if (rc)
655 		return 0;
656 
657 	rc = sprintf(buf, "%d\n", !cap.perm_flags.disable);
658 	return rc;
659 }
660 EXPORT_SYMBOL_GPL(tpm_show_enabled);
661 
tpm_show_active(struct device * dev,struct device_attribute * attr,char * buf)662 ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr,
663 			char *buf)
664 {
665 	cap_t cap;
666 	ssize_t rc;
667 
668 	rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap,
669 			 "attempting to determine the permanent active state");
670 	if (rc)
671 		return 0;
672 
673 	rc = sprintf(buf, "%d\n", !cap.perm_flags.deactivated);
674 	return rc;
675 }
676 EXPORT_SYMBOL_GPL(tpm_show_active);
677 
tpm_show_owned(struct device * dev,struct device_attribute * attr,char * buf)678 ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr,
679 			char *buf)
680 {
681 	cap_t cap;
682 	ssize_t rc;
683 
684 	rc = tpm_getcap(dev, TPM_CAP_PROP_OWNER, &cap,
685 			 "attempting to determine the owner state");
686 	if (rc)
687 		return 0;
688 
689 	rc = sprintf(buf, "%d\n", cap.owned);
690 	return rc;
691 }
692 EXPORT_SYMBOL_GPL(tpm_show_owned);
693 
tpm_show_temp_deactivated(struct device * dev,struct device_attribute * attr,char * buf)694 ssize_t tpm_show_temp_deactivated(struct device * dev,
695 				struct device_attribute * attr, char *buf)
696 {
697 	cap_t cap;
698 	ssize_t rc;
699 
700 	rc = tpm_getcap(dev, TPM_CAP_FLAG_VOL, &cap,
701 			 "attempting to determine the temporary state");
702 	if (rc)
703 		return 0;
704 
705 	rc = sprintf(buf, "%d\n", cap.stclear_flags.deactivated);
706 	return rc;
707 }
708 EXPORT_SYMBOL_GPL(tpm_show_temp_deactivated);
709 
710 /*
711  * tpm_chip_find_get - return tpm_chip for given chip number
712  */
tpm_chip_find_get(int chip_num)713 static struct tpm_chip *tpm_chip_find_get(int chip_num)
714 {
715 	struct tpm_chip *pos, *chip = NULL;
716 
717 	rcu_read_lock();
718 	list_for_each_entry_rcu(pos, &tpm_chip_list, list) {
719 		if (chip_num != TPM_ANY_NUM && chip_num != pos->dev_num)
720 			continue;
721 
722 		if (try_module_get(pos->dev->driver->owner)) {
723 			chip = pos;
724 			break;
725 		}
726 	}
727 	rcu_read_unlock();
728 	return chip;
729 }
730 
731 #define TPM_ORDINAL_PCRREAD cpu_to_be32(21)
732 #define READ_PCR_RESULT_SIZE 30
733 static struct tpm_input_header pcrread_header = {
734 	.tag = TPM_TAG_RQU_COMMAND,
735 	.length = cpu_to_be32(14),
736 	.ordinal = TPM_ORDINAL_PCRREAD
737 };
738 
__tpm_pcr_read(struct tpm_chip * chip,int pcr_idx,u8 * res_buf)739 static int __tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
740 {
741 	int rc;
742 	struct tpm_cmd_t cmd;
743 
744 	cmd.header.in = pcrread_header;
745 	cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx);
746 	rc = transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE,
747 			  "attempting to read a pcr value");
748 
749 	if (rc == 0)
750 		memcpy(res_buf, cmd.params.pcrread_out.pcr_result,
751 		       TPM_DIGEST_SIZE);
752 	return rc;
753 }
754 
755 /**
756  * tpm_pcr_read - read a pcr value
757  * @chip_num: 	tpm idx # or ANY
758  * @pcr_idx:	pcr idx to retrieve
759  * @res_buf: 	TPM_PCR value
760  * 		size of res_buf is 20 bytes (or NULL if you don't care)
761  *
762  * The TPM driver should be built-in, but for whatever reason it
763  * isn't, protect against the chip disappearing, by incrementing
764  * the module usage count.
765  */
tpm_pcr_read(u32 chip_num,int pcr_idx,u8 * res_buf)766 int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)
767 {
768 	struct tpm_chip *chip;
769 	int rc;
770 
771 	chip = tpm_chip_find_get(chip_num);
772 	if (chip == NULL)
773 		return -ENODEV;
774 	rc = __tpm_pcr_read(chip, pcr_idx, res_buf);
775 	tpm_chip_put(chip);
776 	return rc;
777 }
778 EXPORT_SYMBOL_GPL(tpm_pcr_read);
779 
780 /**
781  * tpm_pcr_extend - extend pcr value with hash
782  * @chip_num: 	tpm idx # or AN&
783  * @pcr_idx:	pcr idx to extend
784  * @hash: 	hash value used to extend pcr value
785  *
786  * The TPM driver should be built-in, but for whatever reason it
787  * isn't, protect against the chip disappearing, by incrementing
788  * the module usage count.
789  */
790 #define TPM_ORD_PCR_EXTEND cpu_to_be32(20)
791 #define EXTEND_PCR_RESULT_SIZE 34
792 static struct tpm_input_header pcrextend_header = {
793 	.tag = TPM_TAG_RQU_COMMAND,
794 	.length = cpu_to_be32(34),
795 	.ordinal = TPM_ORD_PCR_EXTEND
796 };
797 
tpm_pcr_extend(u32 chip_num,int pcr_idx,const u8 * hash)798 int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
799 {
800 	struct tpm_cmd_t cmd;
801 	int rc;
802 	struct tpm_chip *chip;
803 
804 	chip = tpm_chip_find_get(chip_num);
805 	if (chip == NULL)
806 		return -ENODEV;
807 
808 	cmd.header.in = pcrextend_header;
809 	cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
810 	memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE);
811 	rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
812 			  "attempting extend a PCR value");
813 
814 	tpm_chip_put(chip);
815 	return rc;
816 }
817 EXPORT_SYMBOL_GPL(tpm_pcr_extend);
818 
819 /**
820  * tpm_do_selftest - have the TPM continue its selftest and wait until it
821  *                   can receive further commands
822  * @chip: TPM chip to use
823  *
824  * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
825  * a TPM error code.
826  */
tpm_do_selftest(struct tpm_chip * chip)827 int tpm_do_selftest(struct tpm_chip *chip)
828 {
829 	int rc;
830 	unsigned int loops;
831 	unsigned int delay_msec = 1000;
832 	unsigned long duration;
833 	struct tpm_cmd_t cmd;
834 
835 	duration = tpm_calc_ordinal_duration(chip,
836 	                                     TPM_ORD_CONTINUE_SELFTEST);
837 
838 	loops = jiffies_to_msecs(duration) / delay_msec;
839 
840 	rc = tpm_continue_selftest(chip);
841 	/* This may fail if there was no TPM driver during a suspend/resume
842 	 * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST)
843 	 */
844 	if (rc)
845 		return rc;
846 
847 	do {
848 		/* Attempt to read a PCR value */
849 		cmd.header.in = pcrread_header;
850 		cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0);
851 		rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE);
852 
853 		if (rc < TPM_HEADER_SIZE)
854 			return -EFAULT;
855 
856 		rc = be32_to_cpu(cmd.header.out.return_code);
857 		if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
858 			dev_info(chip->dev,
859 				 "TPM is disabled/deactivated (0x%X)\n", rc);
860 			/* TPM is disabled and/or deactivated; driver can
861 			 * proceed and TPM does handle commands for
862 			 * suspend/resume correctly
863 			 */
864 			return 0;
865 		}
866 		if (rc != TPM_WARN_DOING_SELFTEST)
867 			return rc;
868 		msleep(delay_msec);
869 	} while (--loops > 0);
870 
871 	return rc;
872 }
873 EXPORT_SYMBOL_GPL(tpm_do_selftest);
874 
tpm_send(u32 chip_num,void * cmd,size_t buflen)875 int tpm_send(u32 chip_num, void *cmd, size_t buflen)
876 {
877 	struct tpm_chip *chip;
878 	int rc;
879 
880 	chip = tpm_chip_find_get(chip_num);
881 	if (chip == NULL)
882 		return -ENODEV;
883 
884 	rc = transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd");
885 
886 	tpm_chip_put(chip);
887 	return rc;
888 }
889 EXPORT_SYMBOL_GPL(tpm_send);
890 
tpm_show_pcrs(struct device * dev,struct device_attribute * attr,char * buf)891 ssize_t tpm_show_pcrs(struct device *dev, struct device_attribute *attr,
892 		      char *buf)
893 {
894 	cap_t cap;
895 	u8 digest[TPM_DIGEST_SIZE];
896 	ssize_t rc;
897 	int i, j, num_pcrs;
898 	char *str = buf;
899 	struct tpm_chip *chip = dev_get_drvdata(dev);
900 
901 	rc = tpm_getcap(dev, TPM_CAP_PROP_PCR, &cap,
902 			"attempting to determine the number of PCRS");
903 	if (rc)
904 		return 0;
905 
906 	num_pcrs = be32_to_cpu(cap.num_pcrs);
907 	for (i = 0; i < num_pcrs; i++) {
908 		rc = __tpm_pcr_read(chip, i, digest);
909 		if (rc)
910 			break;
911 		str += sprintf(str, "PCR-%02d: ", i);
912 		for (j = 0; j < TPM_DIGEST_SIZE; j++)
913 			str += sprintf(str, "%02X ", digest[j]);
914 		str += sprintf(str, "\n");
915 	}
916 	return str - buf;
917 }
918 EXPORT_SYMBOL_GPL(tpm_show_pcrs);
919 
920 #define  READ_PUBEK_RESULT_SIZE 314
921 #define TPM_ORD_READPUBEK cpu_to_be32(124)
922 struct tpm_input_header tpm_readpubek_header = {
923 	.tag = TPM_TAG_RQU_COMMAND,
924 	.length = cpu_to_be32(30),
925 	.ordinal = TPM_ORD_READPUBEK
926 };
927 
tpm_show_pubek(struct device * dev,struct device_attribute * attr,char * buf)928 ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr,
929 		       char *buf)
930 {
931 	u8 *data;
932 	struct tpm_cmd_t tpm_cmd;
933 	ssize_t err;
934 	int i, rc;
935 	char *str = buf;
936 
937 	struct tpm_chip *chip = dev_get_drvdata(dev);
938 
939 	tpm_cmd.header.in = tpm_readpubek_header;
940 	err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
941 			"attempting to read the PUBEK");
942 	if (err)
943 		goto out;
944 
945 	/*
946 	   ignore header 10 bytes
947 	   algorithm 32 bits (1 == RSA )
948 	   encscheme 16 bits
949 	   sigscheme 16 bits
950 	   parameters (RSA 12->bytes: keybit, #primes, expbit)
951 	   keylenbytes 32 bits
952 	   256 byte modulus
953 	   ignore checksum 20 bytes
954 	 */
955 	data = tpm_cmd.params.readpubek_out_buffer;
956 	str +=
957 	    sprintf(str,
958 		    "Algorithm: %02X %02X %02X %02X\n"
959 		    "Encscheme: %02X %02X\n"
960 		    "Sigscheme: %02X %02X\n"
961 		    "Parameters: %02X %02X %02X %02X "
962 		    "%02X %02X %02X %02X "
963 		    "%02X %02X %02X %02X\n"
964 		    "Modulus length: %d\n"
965 		    "Modulus:\n",
966 		    data[0], data[1], data[2], data[3],
967 		    data[4], data[5],
968 		    data[6], data[7],
969 		    data[12], data[13], data[14], data[15],
970 		    data[16], data[17], data[18], data[19],
971 		    data[20], data[21], data[22], data[23],
972 		    be32_to_cpu(*((__be32 *) (data + 24))));
973 
974 	for (i = 0; i < 256; i++) {
975 		str += sprintf(str, "%02X ", data[i + 28]);
976 		if ((i + 1) % 16 == 0)
977 			str += sprintf(str, "\n");
978 	}
979 out:
980 	rc = str - buf;
981 	return rc;
982 }
983 EXPORT_SYMBOL_GPL(tpm_show_pubek);
984 
985 
tpm_show_caps(struct device * dev,struct device_attribute * attr,char * buf)986 ssize_t tpm_show_caps(struct device *dev, struct device_attribute *attr,
987 		      char *buf)
988 {
989 	cap_t cap;
990 	ssize_t rc;
991 	char *str = buf;
992 
993 	rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap,
994 			"attempting to determine the manufacturer");
995 	if (rc)
996 		return 0;
997 	str += sprintf(str, "Manufacturer: 0x%x\n",
998 		       be32_to_cpu(cap.manufacturer_id));
999 
1000 	rc = tpm_getcap(dev, CAP_VERSION_1_1, &cap,
1001 		        "attempting to determine the 1.1 version");
1002 	if (rc)
1003 		return 0;
1004 	str += sprintf(str,
1005 		       "TCG version: %d.%d\nFirmware version: %d.%d\n",
1006 		       cap.tpm_version.Major, cap.tpm_version.Minor,
1007 		       cap.tpm_version.revMajor, cap.tpm_version.revMinor);
1008 	return str - buf;
1009 }
1010 EXPORT_SYMBOL_GPL(tpm_show_caps);
1011 
tpm_show_caps_1_2(struct device * dev,struct device_attribute * attr,char * buf)1012 ssize_t tpm_show_caps_1_2(struct device * dev,
1013 			  struct device_attribute * attr, char *buf)
1014 {
1015 	cap_t cap;
1016 	ssize_t rc;
1017 	char *str = buf;
1018 
1019 	rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap,
1020 			"attempting to determine the manufacturer");
1021 	if (rc)
1022 		return 0;
1023 	str += sprintf(str, "Manufacturer: 0x%x\n",
1024 		       be32_to_cpu(cap.manufacturer_id));
1025 	rc = tpm_getcap(dev, CAP_VERSION_1_2, &cap,
1026 			 "attempting to determine the 1.2 version");
1027 	if (rc)
1028 		return 0;
1029 	str += sprintf(str,
1030 		       "TCG version: %d.%d\nFirmware version: %d.%d\n",
1031 		       cap.tpm_version_1_2.Major, cap.tpm_version_1_2.Minor,
1032 		       cap.tpm_version_1_2.revMajor,
1033 		       cap.tpm_version_1_2.revMinor);
1034 	return str - buf;
1035 }
1036 EXPORT_SYMBOL_GPL(tpm_show_caps_1_2);
1037 
tpm_show_durations(struct device * dev,struct device_attribute * attr,char * buf)1038 ssize_t tpm_show_durations(struct device *dev, struct device_attribute *attr,
1039 			  char *buf)
1040 {
1041 	struct tpm_chip *chip = dev_get_drvdata(dev);
1042 
1043 	if (chip->vendor.duration[TPM_LONG] == 0)
1044 		return 0;
1045 
1046 	return sprintf(buf, "%d %d %d [%s]\n",
1047 		       jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]),
1048 		       jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]),
1049 		       jiffies_to_usecs(chip->vendor.duration[TPM_LONG]),
1050 		       chip->vendor.duration_adjusted
1051 		       ? "adjusted" : "original");
1052 }
1053 EXPORT_SYMBOL_GPL(tpm_show_durations);
1054 
tpm_show_timeouts(struct device * dev,struct device_attribute * attr,char * buf)1055 ssize_t tpm_show_timeouts(struct device *dev, struct device_attribute *attr,
1056 			  char *buf)
1057 {
1058 	struct tpm_chip *chip = dev_get_drvdata(dev);
1059 
1060 	return sprintf(buf, "%d %d %d %d [%s]\n",
1061 		       jiffies_to_usecs(chip->vendor.timeout_a),
1062 		       jiffies_to_usecs(chip->vendor.timeout_b),
1063 		       jiffies_to_usecs(chip->vendor.timeout_c),
1064 		       jiffies_to_usecs(chip->vendor.timeout_d),
1065 		       chip->vendor.timeout_adjusted
1066 		       ? "adjusted" : "original");
1067 }
1068 EXPORT_SYMBOL_GPL(tpm_show_timeouts);
1069 
tpm_store_cancel(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)1070 ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr,
1071 			const char *buf, size_t count)
1072 {
1073 	struct tpm_chip *chip = dev_get_drvdata(dev);
1074 	if (chip == NULL)
1075 		return 0;
1076 
1077 	chip->vendor.cancel(chip);
1078 	return count;
1079 }
1080 EXPORT_SYMBOL_GPL(tpm_store_cancel);
1081 
wait_for_tpm_stat(struct tpm_chip * chip,u8 mask,unsigned long timeout,wait_queue_head_t * queue)1082 int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
1083 			 wait_queue_head_t *queue)
1084 {
1085 	unsigned long stop;
1086 	long rc;
1087 	u8 status;
1088 
1089 	/* check current status */
1090 	status = chip->vendor.status(chip);
1091 	if ((status & mask) == mask)
1092 		return 0;
1093 
1094 	stop = jiffies + timeout;
1095 
1096 	if (chip->vendor.irq) {
1097 again:
1098 		timeout = stop - jiffies;
1099 		if ((long)timeout <= 0)
1100 			return -ETIME;
1101 		rc = wait_event_interruptible_timeout(*queue,
1102 						      ((chip->vendor.status(chip)
1103 						      & mask) == mask),
1104 						      timeout);
1105 		if (rc > 0)
1106 			return 0;
1107 		if (rc == -ERESTARTSYS && freezing(current)) {
1108 			clear_thread_flag(TIF_SIGPENDING);
1109 			goto again;
1110 		}
1111 	} else {
1112 		do {
1113 			msleep(TPM_TIMEOUT);
1114 			status = chip->vendor.status(chip);
1115 			if ((status & mask) == mask)
1116 				return 0;
1117 		} while (time_before(jiffies, stop));
1118 	}
1119 	return -ETIME;
1120 }
1121 EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
1122 /*
1123  * Device file system interface to the TPM
1124  *
1125  * It's assured that the chip will be opened just once,
1126  * by the check of is_open variable, which is protected
1127  * by driver_lock.
1128  */
tpm_open(struct inode * inode,struct file * file)1129 int tpm_open(struct inode *inode, struct file *file)
1130 {
1131 	int minor = iminor(inode);
1132 	struct tpm_chip *chip = NULL, *pos;
1133 
1134 	rcu_read_lock();
1135 	list_for_each_entry_rcu(pos, &tpm_chip_list, list) {
1136 		if (pos->vendor.miscdev.minor == minor) {
1137 			chip = pos;
1138 			get_device(chip->dev);
1139 			break;
1140 		}
1141 	}
1142 	rcu_read_unlock();
1143 
1144 	if (!chip)
1145 		return -ENODEV;
1146 
1147 	if (test_and_set_bit(0, &chip->is_open)) {
1148 		dev_dbg(chip->dev, "Another process owns this TPM\n");
1149 		put_device(chip->dev);
1150 		return -EBUSY;
1151 	}
1152 
1153 	chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL);
1154 	if (chip->data_buffer == NULL) {
1155 		clear_bit(0, &chip->is_open);
1156 		put_device(chip->dev);
1157 		return -ENOMEM;
1158 	}
1159 
1160 	atomic_set(&chip->data_pending, 0);
1161 
1162 	file->private_data = chip;
1163 	return 0;
1164 }
1165 EXPORT_SYMBOL_GPL(tpm_open);
1166 
1167 /*
1168  * Called on file close
1169  */
tpm_release(struct inode * inode,struct file * file)1170 int tpm_release(struct inode *inode, struct file *file)
1171 {
1172 	struct tpm_chip *chip = file->private_data;
1173 
1174 	del_singleshot_timer_sync(&chip->user_read_timer);
1175 	flush_work_sync(&chip->work);
1176 	file->private_data = NULL;
1177 	atomic_set(&chip->data_pending, 0);
1178 	kfree(chip->data_buffer);
1179 	clear_bit(0, &chip->is_open);
1180 	put_device(chip->dev);
1181 	return 0;
1182 }
1183 EXPORT_SYMBOL_GPL(tpm_release);
1184 
tpm_write(struct file * file,const char __user * buf,size_t size,loff_t * off)1185 ssize_t tpm_write(struct file *file, const char __user *buf,
1186 		  size_t size, loff_t *off)
1187 {
1188 	struct tpm_chip *chip = file->private_data;
1189 	size_t in_size = size;
1190 	ssize_t out_size;
1191 
1192 	/* cannot perform a write until the read has cleared
1193 	   either via tpm_read or a user_read_timer timeout.
1194 	   This also prevents splitted buffered writes from blocking here.
1195 	*/
1196 	if (atomic_read(&chip->data_pending) != 0)
1197 		return -EBUSY;
1198 
1199 	if (in_size > TPM_BUFSIZE)
1200 		return -E2BIG;
1201 
1202 	mutex_lock(&chip->buffer_mutex);
1203 
1204 	if (copy_from_user
1205 	    (chip->data_buffer, (void __user *) buf, in_size)) {
1206 		mutex_unlock(&chip->buffer_mutex);
1207 		return -EFAULT;
1208 	}
1209 
1210 	/* atomic tpm command send and result receive */
1211 	out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);
1212 	if (out_size < 0) {
1213 		mutex_unlock(&chip->buffer_mutex);
1214 		return out_size;
1215 	}
1216 
1217 	atomic_set(&chip->data_pending, out_size);
1218 	mutex_unlock(&chip->buffer_mutex);
1219 
1220 	/* Set a timeout by which the reader must come claim the result */
1221 	mod_timer(&chip->user_read_timer, jiffies + (60 * HZ));
1222 
1223 	return in_size;
1224 }
1225 EXPORT_SYMBOL_GPL(tpm_write);
1226 
tpm_read(struct file * file,char __user * buf,size_t size,loff_t * off)1227 ssize_t tpm_read(struct file *file, char __user *buf,
1228 		 size_t size, loff_t *off)
1229 {
1230 	struct tpm_chip *chip = file->private_data;
1231 	ssize_t ret_size;
1232 	int rc;
1233 
1234 	del_singleshot_timer_sync(&chip->user_read_timer);
1235 	flush_work_sync(&chip->work);
1236 	ret_size = atomic_read(&chip->data_pending);
1237 	atomic_set(&chip->data_pending, 0);
1238 	if (ret_size > 0) {	/* relay data */
1239 		ssize_t orig_ret_size = ret_size;
1240 		if (size < ret_size)
1241 			ret_size = size;
1242 
1243 		mutex_lock(&chip->buffer_mutex);
1244 		rc = copy_to_user(buf, chip->data_buffer, ret_size);
1245 		memset(chip->data_buffer, 0, orig_ret_size);
1246 		if (rc)
1247 			ret_size = -EFAULT;
1248 
1249 		mutex_unlock(&chip->buffer_mutex);
1250 	}
1251 
1252 	return ret_size;
1253 }
1254 EXPORT_SYMBOL_GPL(tpm_read);
1255 
tpm_remove_hardware(struct device * dev)1256 void tpm_remove_hardware(struct device *dev)
1257 {
1258 	struct tpm_chip *chip = dev_get_drvdata(dev);
1259 
1260 	if (chip == NULL) {
1261 		dev_err(dev, "No device data found\n");
1262 		return;
1263 	}
1264 
1265 	spin_lock(&driver_lock);
1266 	list_del_rcu(&chip->list);
1267 	spin_unlock(&driver_lock);
1268 	synchronize_rcu();
1269 
1270 	misc_deregister(&chip->vendor.miscdev);
1271 	sysfs_remove_group(&dev->kobj, chip->vendor.attr_group);
1272 	tpm_bios_log_teardown(chip->bios_dir);
1273 
1274 	/* write it this way to be explicit (chip->dev == dev) */
1275 	put_device(chip->dev);
1276 }
1277 EXPORT_SYMBOL_GPL(tpm_remove_hardware);
1278 
1279 #define TPM_ORD_SAVESTATE cpu_to_be32(152)
1280 #define SAVESTATE_RESULT_SIZE 10
1281 
1282 static struct tpm_input_header savestate_header = {
1283 	.tag = TPM_TAG_RQU_COMMAND,
1284 	.length = cpu_to_be32(10),
1285 	.ordinal = TPM_ORD_SAVESTATE
1286 };
1287 
1288 /*
1289  * We are about to suspend. Save the TPM state
1290  * so that it can be restored.
1291  */
tpm_pm_suspend(struct device * dev,pm_message_t pm_state)1292 int tpm_pm_suspend(struct device *dev, pm_message_t pm_state)
1293 {
1294 	struct tpm_chip *chip = dev_get_drvdata(dev);
1295 	struct tpm_cmd_t cmd;
1296 	int rc;
1297 
1298 	u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
1299 
1300 	if (chip == NULL)
1301 		return -ENODEV;
1302 
1303 	/* for buggy tpm, flush pcrs with extend to selected dummy */
1304 	if (tpm_suspend_pcr) {
1305 		cmd.header.in = pcrextend_header;
1306 		cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr);
1307 		memcpy(cmd.params.pcrextend_in.hash, dummy_hash,
1308 		       TPM_DIGEST_SIZE);
1309 		rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
1310 				  "extending dummy pcr before suspend");
1311 	}
1312 
1313 	/* now do the actual savestate */
1314 	cmd.header.in = savestate_header;
1315 	rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE,
1316 			  "sending savestate before suspend");
1317 	return rc;
1318 }
1319 EXPORT_SYMBOL_GPL(tpm_pm_suspend);
1320 
1321 /*
1322  * Resume from a power safe. The BIOS already restored
1323  * the TPM state.
1324  */
tpm_pm_resume(struct device * dev)1325 int tpm_pm_resume(struct device *dev)
1326 {
1327 	struct tpm_chip *chip = dev_get_drvdata(dev);
1328 
1329 	if (chip == NULL)
1330 		return -ENODEV;
1331 
1332 	return 0;
1333 }
1334 EXPORT_SYMBOL_GPL(tpm_pm_resume);
1335 
1336 /* In case vendor provided release function, call it too.*/
1337 
tpm_dev_vendor_release(struct tpm_chip * chip)1338 void tpm_dev_vendor_release(struct tpm_chip *chip)
1339 {
1340 	if (chip->vendor.release)
1341 		chip->vendor.release(chip->dev);
1342 
1343 	clear_bit(chip->dev_num, dev_mask);
1344 	kfree(chip->vendor.miscdev.name);
1345 }
1346 EXPORT_SYMBOL_GPL(tpm_dev_vendor_release);
1347 
1348 
1349 /*
1350  * Once all references to platform device are down to 0,
1351  * release all allocated structures.
1352  */
tpm_dev_release(struct device * dev)1353 void tpm_dev_release(struct device *dev)
1354 {
1355 	struct tpm_chip *chip = dev_get_drvdata(dev);
1356 
1357 	tpm_dev_vendor_release(chip);
1358 
1359 	chip->release(dev);
1360 	kfree(chip);
1361 }
1362 EXPORT_SYMBOL_GPL(tpm_dev_release);
1363 
1364 /*
1365  * Called from tpm_<specific>.c probe function only for devices
1366  * the driver has determined it should claim.  Prior to calling
1367  * this function the specific probe function has called pci_enable_device
1368  * upon errant exit from this function specific probe function should call
1369  * pci_disable_device
1370  */
tpm_register_hardware(struct device * dev,const struct tpm_vendor_specific * entry)1371 struct tpm_chip *tpm_register_hardware(struct device *dev,
1372 					const struct tpm_vendor_specific *entry)
1373 {
1374 #define DEVNAME_SIZE 7
1375 
1376 	char *devname;
1377 	struct tpm_chip *chip;
1378 
1379 	/* Driver specific per-device data */
1380 	chip = kzalloc(sizeof(*chip), GFP_KERNEL);
1381 	devname = kmalloc(DEVNAME_SIZE, GFP_KERNEL);
1382 
1383 	if (chip == NULL || devname == NULL)
1384 		goto out_free;
1385 
1386 	mutex_init(&chip->buffer_mutex);
1387 	mutex_init(&chip->tpm_mutex);
1388 	INIT_LIST_HEAD(&chip->list);
1389 
1390 	INIT_WORK(&chip->work, timeout_work);
1391 
1392 	setup_timer(&chip->user_read_timer, user_reader_timeout,
1393 			(unsigned long)chip);
1394 
1395 	memcpy(&chip->vendor, entry, sizeof(struct tpm_vendor_specific));
1396 
1397 	chip->dev_num = find_first_zero_bit(dev_mask, TPM_NUM_DEVICES);
1398 
1399 	if (chip->dev_num >= TPM_NUM_DEVICES) {
1400 		dev_err(dev, "No available tpm device numbers\n");
1401 		goto out_free;
1402 	} else if (chip->dev_num == 0)
1403 		chip->vendor.miscdev.minor = TPM_MINOR;
1404 	else
1405 		chip->vendor.miscdev.minor = MISC_DYNAMIC_MINOR;
1406 
1407 	set_bit(chip->dev_num, dev_mask);
1408 
1409 	scnprintf(devname, DEVNAME_SIZE, "%s%d", "tpm", chip->dev_num);
1410 	chip->vendor.miscdev.name = devname;
1411 
1412 	chip->vendor.miscdev.parent = dev;
1413 	chip->dev = get_device(dev);
1414 	chip->release = dev->release;
1415 	dev->release = tpm_dev_release;
1416 	dev_set_drvdata(dev, chip);
1417 
1418 	if (misc_register(&chip->vendor.miscdev)) {
1419 		dev_err(chip->dev,
1420 			"unable to misc_register %s, minor %d\n",
1421 			chip->vendor.miscdev.name,
1422 			chip->vendor.miscdev.minor);
1423 		put_device(chip->dev);
1424 		return NULL;
1425 	}
1426 
1427 	if (sysfs_create_group(&dev->kobj, chip->vendor.attr_group)) {
1428 		misc_deregister(&chip->vendor.miscdev);
1429 		put_device(chip->dev);
1430 
1431 		return NULL;
1432 	}
1433 
1434 	chip->bios_dir = tpm_bios_log_setup(devname);
1435 
1436 	/* Make chip available */
1437 	spin_lock(&driver_lock);
1438 	list_add_rcu(&chip->list, &tpm_chip_list);
1439 	spin_unlock(&driver_lock);
1440 
1441 	return chip;
1442 
1443 out_free:
1444 	kfree(chip);
1445 	kfree(devname);
1446 	return NULL;
1447 }
1448 EXPORT_SYMBOL_GPL(tpm_register_hardware);
1449 
1450 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1451 MODULE_DESCRIPTION("TPM Driver");
1452 MODULE_VERSION("2.0");
1453 MODULE_LICENSE("GPL");
1454