search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
printf: Remove unused 'bprintf'
[drm/drm-misc.git] / include / linux / tpm.h
blob20a40ade8030866ae973e088514941ca38f1d800
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * Copyright (C) 2004,2007,2008 IBM Corporation
4 *
5 * Authors:
6 * Leendert van Doorn <leendert@watson.ibm.com>
7 * Dave Safford <safford@watson.ibm.com>
8 * Reiner Sailer <sailer@watson.ibm.com>
9 * Kylene Hall <kjhall@us.ibm.com>
10 * Debora Velarde <dvelarde@us.ibm.com>
11 *
12 * Maintained by: <tpmdd_devel@lists.sourceforge.net>
13 *
14 * Device driver for TCG/TCPA TPM (trusted platform module).
15 * Specifications at www.trustedcomputinggroup.org
16 */
17 #ifndef __LINUX_TPM_H__
18 #define __LINUX_TPM_H__
19
20 #include <linux/hw_random.h>
21 #include <linux/acpi.h>
22 #include <linux/cdev.h>
23 #include <linux/fs.h>
24 #include <linux/highmem.h>
25 #include <crypto/hash_info.h>
26 #include <crypto/aes.h>
27
28 #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */
29 #define TPM_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
30
31 struct tpm_chip;
32 struct trusted_key_payload;
33 struct trusted_key_options;
34 /* opaque structure, holds auth session parameters like the session key */
35 struct tpm2_auth;
36
37 enum tpm2_session_types {
38 TPM2_SE_HMAC = 0x00,
39 TPM2_SE_POLICY = 0x01,
40 TPM2_SE_TRIAL = 0x02,
41 };
42
43 /* if you add a new hash to this, increment TPM_MAX_HASHES below */
44 enum tpm_algorithms {
45 TPM_ALG_ERROR = 0x0000,
46 TPM_ALG_SHA1 = 0x0004,
47 TPM_ALG_AES = 0x0006,
48 TPM_ALG_KEYEDHASH = 0x0008,
49 TPM_ALG_SHA256 = 0x000B,
50 TPM_ALG_SHA384 = 0x000C,
51 TPM_ALG_SHA512 = 0x000D,
52 TPM_ALG_NULL = 0x0010,
53 TPM_ALG_SM3_256 = 0x0012,
54 TPM_ALG_ECC = 0x0023,
55 TPM_ALG_CFB = 0x0043,
56 };
57
58 /*
59 * maximum number of hashing algorithms a TPM can have. This is
60 * basically a count of every hash in tpm_algorithms above
61 */
62 #define TPM_MAX_HASHES 5
63
64 enum tpm2_curves {
65 TPM2_ECC_NONE = 0x0000,
66 TPM2_ECC_NIST_P256 = 0x0003,
67 };
68
69 struct tpm_digest {
70 u16 alg_id;
71 u8 digest[TPM_MAX_DIGEST_SIZE];
72 } __packed;
73
74 struct tpm_bank_info {
75 u16 alg_id;
76 u16 digest_size;
77 u16 crypto_id;
78 };
79
80 enum TPM_OPS_FLAGS {
81 TPM_OPS_AUTO_STARTUP = BIT(0),
82 };
83
84 struct tpm_class_ops {
85 unsigned int flags;
86 const u8 req_complete_mask;
87 const u8 req_complete_val;
88 bool (*req_canceled)(struct tpm_chip *chip, u8 status);
89 int (*recv) (struct tpm_chip *chip, u8 *buf, size_t len);
90 int (*send) (struct tpm_chip *chip, u8 *buf, size_t len);
91 void (*cancel) (struct tpm_chip *chip);
92 u8 (*status) (struct tpm_chip *chip);
93 void (*update_timeouts)(struct tpm_chip *chip,
94 unsigned long *timeout_cap);
95 void (*update_durations)(struct tpm_chip *chip,
96 unsigned long *duration_cap);
97 int (*go_idle)(struct tpm_chip *chip);
98 int (*cmd_ready)(struct tpm_chip *chip);
99 int (*request_locality)(struct tpm_chip *chip, int loc);
100 int (*relinquish_locality)(struct tpm_chip *chip, int loc);
101 void (*clk_enable)(struct tpm_chip *chip, bool value);
102 };
103
104 #define TPM_NUM_EVENT_LOG_FILES 3
105
106 /* Indexes the duration array */
107 enum tpm_duration {
108 TPM_SHORT = 0,
109 TPM_MEDIUM = 1,
110 TPM_LONG = 2,
111 TPM_LONG_LONG = 3,
112 TPM_UNDEFINED,
113 TPM_NUM_DURATIONS = TPM_UNDEFINED,
114 };
115
116 #define TPM_PPI_VERSION_LEN 3
117
118 struct tpm_space {
119 u32 context_tbl[3];
120 u8 *context_buf;
121 u32 session_tbl[3];
122 u8 *session_buf;
123 u32 buf_size;
124 };
125
126 struct tpm_bios_log {
127 void *bios_event_log;
128 void *bios_event_log_end;
129 };
130
131 struct tpm_chip_seqops {
132 struct tpm_chip *chip;
133 const struct seq_operations *seqops;
134 };
135
136 /* fixed define for the curve we use which is NIST_P256 */
137 #define EC_PT_SZ 32
138
139 /*
140 * fixed define for the size of a name. This is actually HASHALG size
141 * plus 2, so 32 for SHA256
142 */
143 #define TPM2_NAME_SIZE 34
144
145 /*
146 * The maximum size for an object context
147 */
148 #define TPM2_MAX_CONTEXT_SIZE 4096
149
150 struct tpm_chip {
151 struct device dev;
152 struct device devs;
153 struct cdev cdev;
154 struct cdev cdevs;
155
156 /* A driver callback under ops cannot be run unless ops_sem is held
157 * (sometimes implicitly, eg for the sysfs code). ops becomes null
158 * when the driver is unregistered, see tpm_try_get_ops.
159 */
160 struct rw_semaphore ops_sem;
161 const struct tpm_class_ops *ops;
162
163 struct tpm_bios_log log;
164 struct tpm_chip_seqops bin_log_seqops;
165 struct tpm_chip_seqops ascii_log_seqops;
166
167 unsigned int flags;
168
169 int dev_num; /* /dev/tpm# */
170 unsigned long is_open; /* only one allowed */
171
172 char hwrng_name[64];
173 struct hwrng hwrng;
174
175 struct mutex tpm_mutex; /* tpm is processing */
176
177 unsigned long timeout_a; /* jiffies */
178 unsigned long timeout_b; /* jiffies */
179 unsigned long timeout_c; /* jiffies */
180 unsigned long timeout_d; /* jiffies */
181 bool timeout_adjusted;
182 unsigned long duration[TPM_NUM_DURATIONS]; /* jiffies */
183 bool duration_adjusted;
184
185 struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES];
186
187 const struct attribute_group *groups[3 + TPM_MAX_HASHES];
188 unsigned int groups_cnt;
189
190 u32 nr_allocated_banks;
191 struct tpm_bank_info *allocated_banks;
192 #ifdef CONFIG_ACPI
193 acpi_handle acpi_dev_handle;
194 char ppi_version[TPM_PPI_VERSION_LEN + 1];
195 #endif /* CONFIG_ACPI */
196
197 struct tpm_space work_space;
198 u32 last_cc;
199 u32 nr_commands;
200 u32 *cc_attrs_tbl;
201
202 /* active locality */
203 int locality;
204
205 #ifdef CONFIG_TCG_TPM2_HMAC
206 /* details for communication security via sessions */
207
208 /* saved context for NULL seed */
209 u8 null_key_context[TPM2_MAX_CONTEXT_SIZE];
210 /* name of NULL seed */
211 u8 null_key_name[TPM2_NAME_SIZE];
212 u8 null_ec_key_x[EC_PT_SZ];
213 u8 null_ec_key_y[EC_PT_SZ];
214 struct tpm2_auth *auth;
215 #endif
216 };
217
218 #define TPM_HEADER_SIZE 10
219
220 enum tpm2_const {
221 TPM2_PLATFORM_PCR = 24,
222 TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8),
223 };
224
225 enum tpm2_timeouts {
226 TPM2_TIMEOUT_A = 750,
227 TPM2_TIMEOUT_B = 2000,
228 TPM2_TIMEOUT_C = 200,
229 TPM2_TIMEOUT_D = 30,
230 TPM2_DURATION_SHORT = 20,
231 TPM2_DURATION_MEDIUM = 750,
232 TPM2_DURATION_LONG = 2000,
233 TPM2_DURATION_LONG_LONG = 300000,
234 TPM2_DURATION_DEFAULT = 120000,
235 };
236
237 enum tpm2_structures {
238 TPM2_ST_NO_SESSIONS = 0x8001,
239 TPM2_ST_SESSIONS = 0x8002,
240 TPM2_ST_CREATION = 0x8021,
241 };
242
243 /* Indicates from what layer of the software stack the error comes from */
244 #define TSS2_RC_LAYER_SHIFT 16
245 #define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
246
247 enum tpm2_return_codes {
248 TPM2_RC_SUCCESS = 0x0000,
249 TPM2_RC_HASH = 0x0083, /* RC_FMT1 */
250 TPM2_RC_HANDLE = 0x008B,
251 TPM2_RC_INTEGRITY = 0x009F,
252 TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */
253 TPM2_RC_FAILURE = 0x0101,
254 TPM2_RC_DISABLED = 0x0120,
255 TPM2_RC_UPGRADE = 0x012D,
256 TPM2_RC_COMMAND_CODE = 0x0143,
257 TPM2_RC_TESTING = 0x090A, /* RC_WARN */
258 TPM2_RC_REFERENCE_H0 = 0x0910,
259 TPM2_RC_RETRY = 0x0922,
260 };
261
262 enum tpm2_command_codes {
263 TPM2_CC_FIRST = 0x011F,
264 TPM2_CC_HIERARCHY_CONTROL = 0x0121,
265 TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129,
266 TPM2_CC_CREATE_PRIMARY = 0x0131,
267 TPM2_CC_SEQUENCE_COMPLETE = 0x013E,
268 TPM2_CC_SELF_TEST = 0x0143,
269 TPM2_CC_STARTUP = 0x0144,
270 TPM2_CC_SHUTDOWN = 0x0145,
271 TPM2_CC_NV_READ = 0x014E,
272 TPM2_CC_CREATE = 0x0153,
273 TPM2_CC_LOAD = 0x0157,
274 TPM2_CC_SEQUENCE_UPDATE = 0x015C,
275 TPM2_CC_UNSEAL = 0x015E,
276 TPM2_CC_CONTEXT_LOAD = 0x0161,
277 TPM2_CC_CONTEXT_SAVE = 0x0162,
278 TPM2_CC_FLUSH_CONTEXT = 0x0165,
279 TPM2_CC_READ_PUBLIC = 0x0173,
280 TPM2_CC_START_AUTH_SESS = 0x0176,
281 TPM2_CC_VERIFY_SIGNATURE = 0x0177,
282 TPM2_CC_GET_CAPABILITY = 0x017A,
283 TPM2_CC_GET_RANDOM = 0x017B,
284 TPM2_CC_PCR_READ = 0x017E,
285 TPM2_CC_PCR_EXTEND = 0x0182,
286 TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
287 TPM2_CC_HASH_SEQUENCE_START = 0x0186,
288 TPM2_CC_CREATE_LOADED = 0x0191,
289 TPM2_CC_LAST = 0x0193, /* Spec 1.36 */
290 };
291
292 enum tpm2_permanent_handles {
293 TPM2_RH_NULL = 0x40000007,
294 TPM2_RS_PW = 0x40000009,
295 };
296
297 /* Most Significant Octet for key types */
298 enum tpm2_mso_type {
299 TPM2_MSO_NVRAM = 0x01,
300 TPM2_MSO_SESSION = 0x02,
301 TPM2_MSO_POLICY = 0x03,
302 TPM2_MSO_PERMANENT = 0x40,
303 TPM2_MSO_VOLATILE = 0x80,
304 TPM2_MSO_PERSISTENT = 0x81,
305 };
306
307 static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
308 {
309 return handle >> 24;
310 }
311
312 enum tpm2_capabilities {
313 TPM2_CAP_HANDLES = 1,
314 TPM2_CAP_COMMANDS = 2,
315 TPM2_CAP_PCRS = 5,
316 TPM2_CAP_TPM_PROPERTIES = 6,
317 };
318
319 enum tpm2_properties {
320 TPM_PT_TOTAL_COMMANDS = 0x0129,
321 };
322
323 enum tpm2_startup_types {
324 TPM2_SU_CLEAR = 0x0000,
325 TPM2_SU_STATE = 0x0001,
326 };
327
328 enum tpm2_cc_attrs {
329 TPM2_CC_ATTR_CHANDLES = 25,
330 TPM2_CC_ATTR_RHANDLE = 28,
331 TPM2_CC_ATTR_VENDOR = 29,
332 };
333
334 #define TPM_VID_INTEL 0x8086
335 #define TPM_VID_WINBOND 0x1050
336 #define TPM_VID_STM 0x104A
337 #define TPM_VID_ATML 0x1114
338
339 enum tpm_chip_flags {
340 TPM_CHIP_FLAG_BOOTSTRAPPED = BIT(0),
341 TPM_CHIP_FLAG_TPM2 = BIT(1),
342 TPM_CHIP_FLAG_IRQ = BIT(2),
343 TPM_CHIP_FLAG_VIRTUAL = BIT(3),
344 TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4),
345 TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(5),
346 TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(6),
347 TPM_CHIP_FLAG_FIRMWARE_UPGRADE = BIT(7),
348 TPM_CHIP_FLAG_SUSPENDED = BIT(8),
349 TPM_CHIP_FLAG_HWRNG_DISABLED = BIT(9),
350 TPM_CHIP_FLAG_DISABLE = BIT(10),
351 };
352
353 #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
354
355 struct tpm_header {
356 __be16 tag;
357 __be32 length;
358 union {
359 __be32 ordinal;
360 __be32 return_code;
361 };
362 } __packed;
363
364 enum tpm_buf_flags {
365 /* the capacity exceeded: */
366 TPM_BUF_OVERFLOW = BIT(0),
367 /* TPM2B format: */
368 TPM_BUF_TPM2B = BIT(1),
369 /* read out of boundary: */
370 TPM_BUF_BOUNDARY_ERROR = BIT(2),
371 };
372
373 /*
374 * A string buffer type for constructing TPM commands.
375 */
376 struct tpm_buf {
377 u32 flags;
378 u32 length;
379 u8 *data;
380 u8 handles;
381 };
382
383 enum tpm2_object_attributes {
384 TPM2_OA_FIXED_TPM = BIT(1),
385 TPM2_OA_ST_CLEAR = BIT(2),
386 TPM2_OA_FIXED_PARENT = BIT(4),
387 TPM2_OA_SENSITIVE_DATA_ORIGIN = BIT(5),
388 TPM2_OA_USER_WITH_AUTH = BIT(6),
389 TPM2_OA_ADMIN_WITH_POLICY = BIT(7),
390 TPM2_OA_NO_DA = BIT(10),
391 TPM2_OA_ENCRYPTED_DUPLICATION = BIT(11),
392 TPM2_OA_RESTRICTED = BIT(16),
393 TPM2_OA_DECRYPT = BIT(17),
394 TPM2_OA_SIGN = BIT(18),
395 };
396
397 enum tpm2_session_attributes {
398 TPM2_SA_CONTINUE_SESSION = BIT(0),
399 TPM2_SA_AUDIT_EXCLUSIVE = BIT(1),
400 TPM2_SA_AUDIT_RESET = BIT(3),
401 TPM2_SA_DECRYPT = BIT(5),
402 TPM2_SA_ENCRYPT = BIT(6),
403 TPM2_SA_AUDIT = BIT(7),
404 };
405
406 struct tpm2_hash {
407 unsigned int crypto_id;
408 unsigned int tpm_id;
409 };
410
411 int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal);
412 void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal);
413 int tpm_buf_init_sized(struct tpm_buf *buf);
414 void tpm_buf_reset_sized(struct tpm_buf *buf);
415 void tpm_buf_destroy(struct tpm_buf *buf);
416 u32 tpm_buf_length(struct tpm_buf *buf);
417 void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length);
418 void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value);
419 void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value);
420 void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value);
421 u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset);
422 u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset);
423 u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset);
424 void tpm_buf_append_handle(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle);
425
426 /*
427 * Check if TPM device is in the firmware upgrade mode.
428 */
429 static inline bool tpm_is_firmware_upgrade(struct tpm_chip *chip)
430 {
431 return chip->flags & TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
432 }
433
434 static inline u32 tpm2_rc_value(u32 rc)
435 {
436 return (rc & BIT(7)) ? rc & 0xbf : rc;
437 }
438
439 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
440
441 extern int tpm_is_tpm2(struct tpm_chip *chip);
442 extern __must_check int tpm_try_get_ops(struct tpm_chip *chip);
443 extern void tpm_put_ops(struct tpm_chip *chip);
444 extern ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf,
445 size_t min_rsp_body_length, const char *desc);
446 extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
447 struct tpm_digest *digest);
448 extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
449 struct tpm_digest *digests);
450 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
451 extern struct tpm_chip *tpm_default_chip(void);
452 void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
453
454 static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle)
455 {
456 /* simple authorization for empty auth */
457 tpm_buf_append_u32(buf, 9); /* total length of auth */
458 tpm_buf_append_u32(buf, handle);
459 tpm_buf_append_u16(buf, 0); /* nonce len */
460 tpm_buf_append_u8(buf, 0); /* attributes */
461 tpm_buf_append_u16(buf, 0); /* hmac len */
462 }
463 #else
464 static inline int tpm_is_tpm2(struct tpm_chip *chip)
465 {
466 return -ENODEV;
467 }
468 static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx,
469 struct tpm_digest *digest)
470 {
471 return -ENODEV;
472 }
473
474 static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
475 struct tpm_digest *digests)
476 {
477 return -ENODEV;
478 }
479
480 static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max)
481 {
482 return -ENODEV;
483 }
484
485 static inline struct tpm_chip *tpm_default_chip(void)
486 {
487 return NULL;
488 }
489
490 static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle)
491 {
492 }
493 #endif
494
495 static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip)
496 {
497 #ifdef CONFIG_TCG_TPM2_HMAC
498 return chip->auth;
499 #else
500 return NULL;
501 #endif
502 }
503
504 void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf,
505 u32 handle, u8 *name);
506 void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf,
507 u8 attributes, u8 *passphrase,
508 int passphraselen);
509 void tpm_buf_append_auth(struct tpm_chip *chip, struct tpm_buf *buf,
510 u8 attributes, u8 *passphrase, int passphraselen);
511 static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip,
512 struct tpm_buf *buf,
513 u8 attributes,
514 u8 *passphrase,
515 int passphraselen)
516 {
517 struct tpm_header *head;
518 int offset;
519
520 if (tpm2_chip_auth(chip)) {
521 tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen);
522 } else {
523 offset = buf->handles * 4 + TPM_HEADER_SIZE;
524 head = (struct tpm_header *)buf->data;
525
526 /*
527 * If the only sessions are optional, the command tag must change to
528 * TPM2_ST_NO_SESSIONS.
529 */
530 if (tpm_buf_length(buf) == offset)
531 head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
532 }
533 }
534
535 #ifdef CONFIG_TCG_TPM2_HMAC
536
537 int tpm2_start_auth_session(struct tpm_chip *chip);
538 void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf);
539 int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
540 int rc);
541 void tpm2_end_auth_session(struct tpm_chip *chip);
542 #else
543 #include <linux/unaligned.h>
544
545 static inline int tpm2_start_auth_session(struct tpm_chip *chip)
546 {
547 return 0;
548 }
549 static inline void tpm2_end_auth_session(struct tpm_chip *chip)
550 {
551 }
552 static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip,
553 struct tpm_buf *buf)
554 {
555 }
556 static inline int tpm_buf_check_hmac_response(struct tpm_chip *chip,
557 struct tpm_buf *buf,
558 int rc)
559 {
560 return rc;
561 }
562 #endif /* CONFIG_TCG_TPM2_HMAC */
563
564 #endif
Kernel DRM miscellaneous fixes and cross-tree changes