tpm.h source code [linux/include/linux/tpm.h]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* Copyright (C) 2004,2007,2008 IBM Corporation
4	*
5	* Authors:
6	* Leendert van Doorn <leendert@watson.ibm.com>
7	* Dave Safford <safford@watson.ibm.com>
8	* Reiner Sailer <sailer@watson.ibm.com>
9	* Kylene Hall <kjhall@us.ibm.com>
10	* Debora Velarde <dvelarde@us.ibm.com>
11	*
12	* Maintained by: <tpmdd_devel@lists.sourceforge.net>
13	*
14	* Device driver for TCG/TCPA TPM (trusted platform module).
15	* Specifications at www.trustedcomputinggroup.org
16	*/
17	#ifndef __LINUX_TPM_H__
18	#define __LINUX_TPM_H__
19
20	#include <linux/hw_random.h>
21	#include <linux/acpi.h>
22	#include <linux/cdev.h>
23	#include <linux/fs.h>
24	#include <linux/highmem.h>
25	#include <crypto/hash_info.h>
26
27	#define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */
28	#define TPM_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
29
30	struct tpm_chip;
31	struct trusted_key_payload;
32	struct trusted_key_options;
33
34	/ if you add a new hash to this, increment TPM_MAX_HASHES below /
35	enum tpm_algorithms {
36	TPM_ALG_ERROR = `0x0000`,
37	TPM_ALG_SHA1 = `0x0004`,
38	TPM_ALG_KEYEDHASH = `0x0008`,
39	TPM_ALG_SHA256 = `0x000B`,
40	TPM_ALG_SHA384 = `0x000C`,
41	TPM_ALG_SHA512 = `0x000D`,
42	TPM_ALG_NULL = `0x0010`,
43	TPM_ALG_SM3_256 = `0x0012`,
44	};
45
46	/*
47	* maximum number of hashing algorithms a TPM can have. This is
48	* basically a count of every hash in tpm_algorithms above
49	*/
50	#define TPM_MAX_HASHES 5
51
52	struct tpm_digest {
53	u16 alg_id;
54	u8 digest[TPM_MAX_DIGEST_SIZE];
55	} __packed;
56
57	struct tpm_bank_info {
58	u16 alg_id;
59	u16 digest_size;
60	u16 crypto_id;
61	};
62
63	enum TPM_OPS_FLAGS {
64	TPM_OPS_AUTO_STARTUP = BIT(`0`),
65	};
66
67	struct tpm_class_ops {
68	unsigned int flags;
69	const u8 req_complete_mask;
70	const u8 req_complete_val;
71	bool (req_canceled)(struct* tpm_chip *chip, u8 status);
72	int (recv) (struct* tpm_chip chip, u8 buf, size_t len);
73	int (send) (struct* tpm_chip chip, u8 buf, size_t len);
74	void (cancel) (struct* tpm_chip *chip);
75	u8 (status) (struct* tpm_chip *chip);
76	void (update_timeouts)(struct* tpm_chip *chip,
77	unsigned long *timeout_cap);
78	void (update_durations)(struct* tpm_chip *chip,
79	unsigned long *duration_cap);
80	int (go_idle)(struct* tpm_chip *chip);
81	int (cmd_ready)(struct* tpm_chip *chip);
82	int (request_locality)(struct* tpm_chip chip, int* loc);
83	int (relinquish_locality)(struct* tpm_chip chip, int* loc);
84	void (clk_enable)(struct* tpm_chip *chip, bool value);
85	};
86
87	#define TPM_NUM_EVENT_LOG_FILES 3
88
89	/ Indexes the duration array /
90	enum tpm_duration {
91	TPM_SHORT = `0`,
92	TPM_MEDIUM = `1`,
93	TPM_LONG = `2`,
94	TPM_LONG_LONG = `3`,
95	TPM_UNDEFINED,
96	TPM_NUM_DURATIONS = TPM_UNDEFINED,
97	};
98
99	#define TPM_PPI_VERSION_LEN 3
100
101	struct tpm_space {
102	u32 context_tbl[`3`];
103	u8 *context_buf;
104	u32 session_tbl[`3`];
105	u8 *session_buf;
106	u32 buf_size;
107	};
108
109	struct tpm_bios_log {
110	void *bios_event_log;
111	void *bios_event_log_end;
112	};
113
114	struct tpm_chip_seqops {
115	struct tpm_chip *chip;
116	const struct seq_operations *seqops;
117	};
118
119	struct tpm_chip {
120	struct device dev;
121	struct device devs;
122	struct cdev cdev;
123	struct cdev cdevs;
124
125	/ A driver callback under ops cannot be run unless ops_sem is held*
126	* (sometimes implicitly, eg for the sysfs code). ops becomes null
127	* when the driver is unregistered, see tpm_try_get_ops.
128	*/
129	struct rw_semaphore ops_sem;
130	const struct tpm_class_ops *ops;
131
132	struct tpm_bios_log log;
133	struct tpm_chip_seqops bin_log_seqops;
134	struct tpm_chip_seqops ascii_log_seqops;
135
136	unsigned int flags;
137
138	int dev_num; / /dev/tpm# /
139	unsigned long is_open; / only one allowed /
140
141	char hwrng_name[`64`];
142	struct hwrng hwrng;
143
144	struct mutex tpm_mutex; / tpm is processing /
145
146	unsigned long timeout_a; / jiffies /
147	unsigned long timeout_b; / jiffies /
148	unsigned long timeout_c; / jiffies /
149	unsigned long timeout_d; / jiffies /
150	bool timeout_adjusted;
151	unsigned long duration[TPM_NUM_DURATIONS]; / jiffies /
152	bool duration_adjusted;
153
154	struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES];
155
156	const struct attribute_group *groups[`3` + TPM_MAX_HASHES];
157	unsigned int groups_cnt;
158
159	u32 nr_allocated_banks;
160	struct tpm_bank_info *allocated_banks;
161	#ifdef CONFIG_ACPI
162	acpi_handle acpi_dev_handle;
163	char ppi_version[TPM_PPI_VERSION_LEN + `1`];
164	#endif /* CONFIG_ACPI */
165
166	struct tpm_space work_space;
167	u32 last_cc;
168	u32 nr_commands;
169	u32 *cc_attrs_tbl;
170
171	/ active locality /
172	int locality;
173	};
174
175	#define TPM_HEADER_SIZE 10
176
177	enum tpm2_const {
178	TPM2_PLATFORM_PCR = `24`,
179	TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + `7`) / `8`),
180	};
181
182	enum tpm2_timeouts {
183	TPM2_TIMEOUT_A = `750`,
184	TPM2_TIMEOUT_B = `2000`,
185	TPM2_TIMEOUT_C = `200`,
186	TPM2_TIMEOUT_D = `30`,
187	TPM2_DURATION_SHORT = `20`,
188	TPM2_DURATION_MEDIUM = `750`,
189	TPM2_DURATION_LONG = `2000`,
190	TPM2_DURATION_LONG_LONG = `300000`,
191	TPM2_DURATION_DEFAULT = `120000`,
192	};
193
194	enum tpm2_structures {
195	TPM2_ST_NO_SESSIONS = `0x8001`,
196	TPM2_ST_SESSIONS = `0x8002`,
197	};
198
199	/ Indicates from what layer of the software stack the error comes from /
200	#define TSS2_RC_LAYER_SHIFT 16
201	#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
202
203	enum tpm2_return_codes {
204	TPM2_RC_SUCCESS = `0x0000`,
205	TPM2_RC_HASH = `0x0083`, / RC_FMT1 /
206	TPM2_RC_HANDLE = `0x008B`,
207	TPM2_RC_INITIALIZE = `0x0100`, / RC_VER1 /
208	TPM2_RC_FAILURE = `0x0101`,
209	TPM2_RC_DISABLED = `0x0120`,
210	TPM2_RC_UPGRADE = `0x012D`,
211	TPM2_RC_COMMAND_CODE = `0x0143`,
212	TPM2_RC_TESTING = `0x090A`, / RC_WARN /
213	TPM2_RC_REFERENCE_H0 = `0x0910`,
214	TPM2_RC_RETRY = `0x0922`,
215	};
216
217	enum tpm2_command_codes {
218	TPM2_CC_FIRST = `0x011F`,
219	TPM2_CC_HIERARCHY_CONTROL = `0x0121`,
220	TPM2_CC_HIERARCHY_CHANGE_AUTH = `0x0129`,
221	TPM2_CC_CREATE_PRIMARY = `0x0131`,
222	TPM2_CC_SEQUENCE_COMPLETE = `0x013E`,
223	TPM2_CC_SELF_TEST = `0x0143`,
224	TPM2_CC_STARTUP = `0x0144`,
225	TPM2_CC_SHUTDOWN = `0x0145`,
226	TPM2_CC_NV_READ = `0x014E`,
227	TPM2_CC_CREATE = `0x0153`,
228	TPM2_CC_LOAD = `0x0157`,
229	TPM2_CC_SEQUENCE_UPDATE = `0x015C`,
230	TPM2_CC_UNSEAL = `0x015E`,
231	TPM2_CC_CONTEXT_LOAD = `0x0161`,
232	TPM2_CC_CONTEXT_SAVE = `0x0162`,
233	TPM2_CC_FLUSH_CONTEXT = `0x0165`,
234	TPM2_CC_VERIFY_SIGNATURE = `0x0177`,
235	TPM2_CC_GET_CAPABILITY = `0x017A`,
236	TPM2_CC_GET_RANDOM = `0x017B`,
237	TPM2_CC_PCR_READ = `0x017E`,
238	TPM2_CC_PCR_EXTEND = `0x0182`,
239	TPM2_CC_EVENT_SEQUENCE_COMPLETE = `0x0185`,
240	TPM2_CC_HASH_SEQUENCE_START = `0x0186`,
241	TPM2_CC_CREATE_LOADED = `0x0191`,
242	TPM2_CC_LAST = `0x0193`, / Spec 1.36 /
243	};
244
245	enum tpm2_permanent_handles {
246	TPM2_RS_PW = `0x40000009`,
247	};
248
249	enum tpm2_capabilities {
250	TPM2_CAP_HANDLES = `1`,
251	TPM2_CAP_COMMANDS = `2`,
252	TPM2_CAP_PCRS = `5`,
253	TPM2_CAP_TPM_PROPERTIES = `6`,
254	};
255
256	enum tpm2_properties {
257	TPM_PT_TOTAL_COMMANDS = `0x0129`,
258	};
259
260	enum tpm2_startup_types {
261	TPM2_SU_CLEAR = `0x0000`,
262	TPM2_SU_STATE = `0x0001`,
263	};
264
265	enum tpm2_cc_attrs {
266	TPM2_CC_ATTR_CHANDLES = `25`,
267	TPM2_CC_ATTR_RHANDLE = `28`,
268	TPM2_CC_ATTR_VENDOR = `29`,
269	};
270
271	#define TPM_VID_INTEL 0x8086
272	#define TPM_VID_WINBOND 0x1050
273	#define TPM_VID_STM 0x104A
274	#define TPM_VID_ATML 0x1114
275
276	enum tpm_chip_flags {
277	TPM_CHIP_FLAG_BOOTSTRAPPED = BIT(`0`),
278	TPM_CHIP_FLAG_TPM2 = BIT(`1`),
279	TPM_CHIP_FLAG_IRQ = BIT(`2`),
280	TPM_CHIP_FLAG_VIRTUAL = BIT(`3`),
281	TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(`4`),
282	TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(`5`),
283	TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(`6`),
284	TPM_CHIP_FLAG_FIRMWARE_UPGRADE = BIT(`7`),
285	TPM_CHIP_FLAG_SUSPENDED = BIT(`8`),
286	TPM_CHIP_FLAG_HWRNG_DISABLED = BIT(`9`),
287	};
288
289	#define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
290
291	struct tpm_header {
292	__be16 tag;
293	__be32 length;
294	union {
295	__be32 ordinal;
296	__be32 return_code;
297	};
298	} __packed;
299
300	/ A string buffer type for constructing TPM commands. This is based on the*
301	* ideas of string buffer code in security/keys/trusted.h but is heap based
302	* in order to keep the stack usage minimal.
303	*/
304
305	enum tpm_buf_flags {
306	TPM_BUF_OVERFLOW = BIT(`0`),
307	};
308
309	struct tpm_buf {
310	unsigned int flags;
311	u8 *data;
312	};
313
314	enum tpm2_object_attributes {
315	TPM2_OA_FIXED_TPM = BIT(`1`),
316	TPM2_OA_FIXED_PARENT = BIT(`4`),
317	TPM2_OA_USER_WITH_AUTH = BIT(`6`),
318	};
319
320	enum tpm2_session_attributes {
321	TPM2_SA_CONTINUE_SESSION = BIT(`0`),
322	};
323
324	struct tpm2_hash {
325	unsigned int crypto_id;
326	unsigned int tpm_id;
327	};
328
329	static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal)
330	{
331	struct tpm_header head = (struct* tpm_header *)buf->data;
332
333	head->tag = cpu_to_be16(tag);
334	head->length = cpu_to_be32(sizeof(*head));
335	head->ordinal = cpu_to_be32(ordinal);
336	}
337
338	static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal)
339	{
340	buf->data = (u8 *)__get_free_page(GFP_KERNEL);
341	if (!buf->data)
342	return -ENOMEM;
343
344	buf->flags = `0`;
345	tpm_buf_reset(buf, tag, ordinal);
346	return `0`;
347	}
348
349	static inline void tpm_buf_destroy(struct tpm_buf *buf)
350	{
351	free_page((unsigned long)buf->data);
352	}
353
354	static inline u32 tpm_buf_length(struct tpm_buf *buf)
355	{
356	struct tpm_header head = (struct* tpm_header *)buf->data;
357
358	return be32_to_cpu(head->length);
359	}
360
361	static inline u16 tpm_buf_tag(struct tpm_buf *buf)
362	{
363	struct tpm_header head = (struct* tpm_header *)buf->data;
364
365	return be16_to_cpu(head->tag);
366	}
367
368	static inline void tpm_buf_append(struct tpm_buf *buf,
369	const unsigned char *new_data,
370	unsigned int new_len)
371	{
372	struct tpm_header head = (struct* tpm_header *)buf->data;
373	u32 len = tpm_buf_length(buf);
374
375	/ Return silently if overflow has already happened. /
376	if (buf->flags & TPM_BUF_OVERFLOW)
377	return;
378
379	if ((len + new_len) > PAGE_SIZE) {
380	WARN(`1`, "tpm_buf: overflow\n");
381	buf->flags \|= TPM_BUF_OVERFLOW;
382	return;
383	}
384
385	memcpy(&buf->data[len], new_data, new_len);
386	head->length = cpu_to_be32(len + new_len);
387	}
388
389	static inline void tpm_buf_append_u8(struct tpm_buf buf, const* u8 value)
390	{
391	tpm_buf_append(buf, new_data: &value, new_len: `1`);
392	}
393
394	static inline void tpm_buf_append_u16(struct tpm_buf buf, const* u16 value)
395	{
396	__be16 value2 = cpu_to_be16(value);
397
398	tpm_buf_append(buf, new_data: (u8 *) &value2, new_len: `2`);
399	}
400
401	static inline void tpm_buf_append_u32(struct tpm_buf buf, const* u32 value)
402	{
403	__be32 value2 = cpu_to_be32(value);
404
405	tpm_buf_append(buf, new_data: (u8 *) &value2, new_len: `4`);
406	}
407
408	/*
409	* Check if TPM device is in the firmware upgrade mode.
410	*/
411	static inline bool tpm_is_firmware_upgrade(struct tpm_chip *chip)
412	{
413	return chip->flags & TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
414	}
415
416	static inline u32 tpm2_rc_value(u32 rc)
417	{
418	return (rc & BIT(`7`)) ? rc & `0xff` : rc;
419	}
420
421	#if defined(CONFIG_TCG_TPM) \|\| defined(CONFIG_TCG_TPM_MODULE)
422
423	extern int tpm_is_tpm2(struct tpm_chip *chip);
424	extern __must_check int tpm_try_get_ops(struct tpm_chip *chip);
425	extern void tpm_put_ops(struct tpm_chip *chip);
426	extern ssize_t tpm_transmit_cmd(struct tpm_chip chip, struct* tpm_buf *buf,
427	size_t min_rsp_body_length, const char *desc);
428	extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
429	struct tpm_digest *digest);
430	extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
431	struct tpm_digest *digests);
432	extern int tpm_send(struct tpm_chip chip, void* *cmd, size_t buflen);
433	extern int tpm_get_random(struct tpm_chip chip, u8 data, size_t max);
434	extern struct tpm_chip tpm_default_chip(void*);
435	void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
436	#else
437	static inline int tpm_is_tpm2(struct tpm_chip *chip)
438	{
439	return -ENODEV;
440	}
441	static inline int tpm_pcr_read(struct tpm_chip chip, int* pcr_idx,
442	struct tpm_digest *digest)
443	{
444	return -ENODEV;
445	}
446
447	static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
448	struct tpm_digest *digests)
449	{
450	return -ENODEV;
451	}
452
453	static inline int tpm_send(struct tpm_chip chip, void* *cmd, size_t buflen)
454	{
455	return -ENODEV;
456	}
457	static inline int tpm_get_random(struct tpm_chip chip, u8 data, size_t max)
458	{
459	return -ENODEV;
460	}
461
462	static inline struct tpm_chip tpm_default_chip(void*)
463	{
464	return NULL;
465	}
466	#endif
467	#endif
468

source code of linux/include/linux/tpm.h