2 * Copyright (C) 2004 IBM Corporation
5 * Leendert van Doorn <leendert@watson.ibm.com>
6 * Dave Safford <safford@watson.ibm.com>
7 * Reiner Sailer <sailer@watson.ibm.com>
8 * Kylene Hall <kjhall@us.ibm.com>
10 * Maintained by: <tpmdd_devel@lists.sourceforge.net>
12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License as
17 * published by the Free Software Foundation, version 2 of the
20 * Note, the TPM chip is not interrupt driven (only polling)
21 * and can have very long timeouts (minutes!). Hence the unusual
26 #include <linux/sched.h>
27 #include <linux/poll.h>
28 #include <linux/spinlock.h>
32 TPM_MINOR
= 224, /* officially assigned */
34 TPM_NUM_DEVICES
= 256,
35 TPM_NUM_MASK_ENTRIES
= TPM_NUM_DEVICES
/ (8 * sizeof(int))
38 static LIST_HEAD(tpm_chip_list
);
39 static DEFINE_SPINLOCK(driver_lock
);
40 static int dev_mask
[TPM_NUM_MASK_ENTRIES
];
42 static void user_reader_timeout(unsigned long ptr
)
44 struct tpm_chip
*chip
= (struct tpm_chip
*) ptr
;
46 down(&chip
->buffer_mutex
);
47 atomic_set(&chip
->data_pending
, 0);
48 memset(chip
->data_buffer
, 0, TPM_BUFSIZE
);
49 up(&chip
->buffer_mutex
);
53 * Internal kernel interface to transmit TPM commands
55 static ssize_t
tpm_transmit(struct tpm_chip
*chip
, const char *buf
,
62 count
= be32_to_cpu(*((__be32
*) (buf
+ 2)));
67 dev_err(&chip
->pci_dev
->dev
,
68 "invalid count value %x %zx \n", count
, bufsiz
);
72 down(&chip
->tpm_mutex
);
74 if ((rc
= chip
->vendor
->send(chip
, (u8
*) buf
, count
)) < 0) {
75 dev_err(&chip
->pci_dev
->dev
,
76 "tpm_transmit: tpm_send: error %zd\n", rc
);
80 stop
= jiffies
+ 2 * 60 * HZ
;
82 u8 status
= inb(chip
->vendor
->base
+ 1);
83 if ((status
& chip
->vendor
->req_complete_mask
) ==
84 chip
->vendor
->req_complete_val
) {
88 if ((status
== chip
->vendor
->req_canceled
)) {
89 dev_err(&chip
->pci_dev
->dev
, "Operation Canceled\n");
94 msleep(TPM_TIMEOUT
); /* CHECK */
96 } while (time_before(jiffies
, stop
));
99 chip
->vendor
->cancel(chip
);
100 dev_err(&chip
->pci_dev
->dev
, "Operation Timed out\n");
105 rc
= chip
->vendor
->recv(chip
, (u8
*) buf
, bufsiz
);
107 dev_err(&chip
->pci_dev
->dev
,
108 "tpm_transmit: tpm_recv: error %zd\n", rc
);
110 up(&chip
->tpm_mutex
);
114 #define TPM_DIGEST_SIZE 20
115 #define CAP_PCR_RESULT_SIZE 18
116 static const u8 cap_pcr
[] = {
117 0, 193, /* TPM_TAG_RQU_COMMAND */
118 0, 0, 0, 22, /* length */
119 0, 0, 0, 101, /* TPM_ORD_GetCapability */
125 #define READ_PCR_RESULT_SIZE 30
126 static const u8 pcrread
[] = {
127 0, 193, /* TPM_TAG_RQU_COMMAND */
128 0, 0, 0, 14, /* length */
129 0, 0, 0, 21, /* TPM_ORD_PcrRead */
130 0, 0, 0, 0 /* PCR index */
133 ssize_t
tpm_show_pcrs(struct device
*dev
, struct device_attribute
*attr
,
136 u8 data
[READ_PCR_RESULT_SIZE
];
142 struct tpm_chip
*chip
=
143 pci_get_drvdata(to_pci_dev(dev
));
147 memcpy(data
, cap_pcr
, sizeof(cap_pcr
));
148 if ((len
= tpm_transmit(chip
, data
, sizeof(data
)))
149 < CAP_PCR_RESULT_SIZE
) {
150 dev_dbg(&chip
->pci_dev
->dev
, "A TPM error (%d) occurred "
151 "attempting to determine the number of PCRS\n",
152 be32_to_cpu(*((__be32
*) (data
+ 6))));
156 num_pcrs
= be32_to_cpu(*((__be32
*) (data
+ 14)));
158 for (i
= 0; i
< num_pcrs
; i
++) {
159 memcpy(data
, pcrread
, sizeof(pcrread
));
160 index
= cpu_to_be32(i
);
161 memcpy(data
+ 10, &index
, 4);
162 if ((len
= tpm_transmit(chip
, data
, sizeof(data
)))
163 < READ_PCR_RESULT_SIZE
){
164 dev_dbg(&chip
->pci_dev
->dev
, "A TPM error (%d) occurred"
165 " attempting to read PCR %d of %d\n",
166 be32_to_cpu(*((__be32
*) (data
+ 6))), i
, num_pcrs
);
169 str
+= sprintf(str
, "PCR-%02d: ", i
);
170 for (j
= 0; j
< TPM_DIGEST_SIZE
; j
++)
171 str
+= sprintf(str
, "%02X ", *(data
+ 10 + j
));
172 str
+= sprintf(str
, "\n");
177 EXPORT_SYMBOL_GPL(tpm_show_pcrs
);
179 #define READ_PUBEK_RESULT_SIZE 314
180 static const u8 readpubek
[] = {
181 0, 193, /* TPM_TAG_RQU_COMMAND */
182 0, 0, 0, 30, /* length */
183 0, 0, 0, 124, /* TPM_ORD_ReadPubek */
186 ssize_t
tpm_show_pubek(struct device
*dev
, struct device_attribute
*attr
,
194 struct tpm_chip
*chip
=
195 pci_get_drvdata(to_pci_dev(dev
));
199 data
= kmalloc(READ_PUBEK_RESULT_SIZE
, GFP_KERNEL
);
203 memcpy(data
, readpubek
, sizeof(readpubek
));
204 memset(data
+ sizeof(readpubek
), 0, 20); /* zero nonce */
206 if ((len
= tpm_transmit(chip
, data
, READ_PUBEK_RESULT_SIZE
)) <
207 READ_PUBEK_RESULT_SIZE
) {
208 dev_dbg(&chip
->pci_dev
->dev
, "A TPM error (%d) occurred "
209 "attempting to read the PUBEK\n",
210 be32_to_cpu(*((__be32
*) (data
+ 6))));
216 ignore header 10 bytes
217 algorithm 32 bits (1 == RSA )
220 parameters (RSA 12->bytes: keybit, #primes, expbit)
223 ignore checksum 20 bytes
228 "Algorithm: %02X %02X %02X %02X\nEncscheme: %02X %02X\n"
229 "Sigscheme: %02X %02X\nParameters: %02X %02X %02X %02X"
230 " %02X %02X %02X %02X %02X %02X %02X %02X\n"
231 "Modulus length: %d\nModulus: \n",
232 data
[10], data
[11], data
[12], data
[13], data
[14],
233 data
[15], data
[16], data
[17], data
[22], data
[23],
234 data
[24], data
[25], data
[26], data
[27], data
[28],
235 data
[29], data
[30], data
[31], data
[32], data
[33],
236 be32_to_cpu(*((__be32
*) (data
+ 34))));
238 for (i
= 0; i
< 256; i
++) {
239 str
+= sprintf(str
, "%02X ", data
[i
+ 38]);
240 if ((i
+ 1) % 16 == 0)
241 str
+= sprintf(str
, "\n");
249 EXPORT_SYMBOL_GPL(tpm_show_pubek
);
251 #define CAP_VER_RESULT_SIZE 18
252 static const u8 cap_version
[] = {
253 0, 193, /* TPM_TAG_RQU_COMMAND */
254 0, 0, 0, 18, /* length */
255 0, 0, 0, 101, /* TPM_ORD_GetCapability */
260 #define CAP_MANUFACTURER_RESULT_SIZE 18
261 static const u8 cap_manufacturer
[] = {
262 0, 193, /* TPM_TAG_RQU_COMMAND */
263 0, 0, 0, 22, /* length */
264 0, 0, 0, 101, /* TPM_ORD_GetCapability */
270 ssize_t
tpm_show_caps(struct device
*dev
, struct device_attribute
*attr
,
273 u8 data
[sizeof(cap_manufacturer
)];
277 struct tpm_chip
*chip
=
278 pci_get_drvdata(to_pci_dev(dev
));
282 memcpy(data
, cap_manufacturer
, sizeof(cap_manufacturer
));
284 if ((len
= tpm_transmit(chip
, data
, sizeof(data
))) <
285 CAP_MANUFACTURER_RESULT_SIZE
)
288 str
+= sprintf(str
, "Manufacturer: 0x%x\n",
289 be32_to_cpu(*((__be32
*) (data
+ 14))));
291 memcpy(data
, cap_version
, sizeof(cap_version
));
293 if ((len
= tpm_transmit(chip
, data
, sizeof(data
))) <
298 sprintf(str
, "TCG version: %d.%d\nFirmware version: %d.%d\n",
299 (int) data
[14], (int) data
[15], (int) data
[16],
304 EXPORT_SYMBOL_GPL(tpm_show_caps
);
306 ssize_t
tpm_store_cancel(struct device
*dev
, struct device_attribute
*attr
,
307 const char *buf
, size_t count
)
309 struct tpm_chip
*chip
= dev_get_drvdata(dev
);
313 chip
->vendor
->cancel(chip
);
316 EXPORT_SYMBOL_GPL(tpm_store_cancel
);
320 * Device file system interface to the TPM
322 int tpm_open(struct inode
*inode
, struct file
*file
)
324 int rc
= 0, minor
= iminor(inode
);
325 struct tpm_chip
*chip
= NULL
, *pos
;
327 spin_lock(&driver_lock
);
329 list_for_each_entry(pos
, &tpm_chip_list
, list
) {
330 if (pos
->vendor
->miscdev
.minor
== minor
) {
341 if (chip
->num_opens
) {
342 dev_dbg(&chip
->pci_dev
->dev
,
343 "Another process owns this TPM\n");
349 pci_dev_get(chip
->pci_dev
);
351 spin_unlock(&driver_lock
);
353 chip
->data_buffer
= kmalloc(TPM_BUFSIZE
* sizeof(u8
), GFP_KERNEL
);
354 if (chip
->data_buffer
== NULL
) {
356 pci_dev_put(chip
->pci_dev
);
360 atomic_set(&chip
->data_pending
, 0);
362 file
->private_data
= chip
;
366 spin_unlock(&driver_lock
);
370 EXPORT_SYMBOL_GPL(tpm_open
);
372 int tpm_release(struct inode
*inode
, struct file
*file
)
374 struct tpm_chip
*chip
= file
->private_data
;
376 spin_lock(&driver_lock
);
377 file
->private_data
= NULL
;
379 del_singleshot_timer_sync(&chip
->user_read_timer
);
380 atomic_set(&chip
->data_pending
, 0);
381 pci_dev_put(chip
->pci_dev
);
382 kfree(chip
->data_buffer
);
383 spin_unlock(&driver_lock
);
387 EXPORT_SYMBOL_GPL(tpm_release
);
389 ssize_t
tpm_write(struct file
* file
, const char __user
* buf
,
390 size_t size
, loff_t
* off
)
392 struct tpm_chip
*chip
= file
->private_data
;
393 int in_size
= size
, out_size
;
395 /* cannot perform a write until the read has cleared
396 either via tpm_read or a user_read_timer timeout */
397 while (atomic_read(&chip
->data_pending
) != 0)
400 down(&chip
->buffer_mutex
);
402 if (in_size
> TPM_BUFSIZE
)
403 in_size
= TPM_BUFSIZE
;
406 (chip
->data_buffer
, (void __user
*) buf
, in_size
)) {
407 up(&chip
->buffer_mutex
);
411 /* atomic tpm command send and result receive */
412 out_size
= tpm_transmit(chip
, chip
->data_buffer
, TPM_BUFSIZE
);
414 atomic_set(&chip
->data_pending
, out_size
);
415 up(&chip
->buffer_mutex
);
417 /* Set a timeout by which the reader must come claim the result */
418 mod_timer(&chip
->user_read_timer
, jiffies
+ (60 * HZ
));
423 EXPORT_SYMBOL_GPL(tpm_write
);
425 ssize_t
tpm_read(struct file
* file
, char __user
* buf
,
426 size_t size
, loff_t
* off
)
428 struct tpm_chip
*chip
= file
->private_data
;
431 del_singleshot_timer_sync(&chip
->user_read_timer
);
432 ret_size
= atomic_read(&chip
->data_pending
);
433 atomic_set(&chip
->data_pending
, 0);
434 if (ret_size
> 0) { /* relay data */
438 down(&chip
->buffer_mutex
);
440 ((void __user
*) buf
, chip
->data_buffer
, ret_size
))
442 up(&chip
->buffer_mutex
);
448 EXPORT_SYMBOL_GPL(tpm_read
);
450 void __devexit
tpm_remove(struct pci_dev
*pci_dev
)
452 struct tpm_chip
*chip
= pci_get_drvdata(pci_dev
);
455 dev_err(&pci_dev
->dev
, "No device data found\n");
459 spin_lock(&driver_lock
);
461 list_del(&chip
->list
);
463 spin_unlock(&driver_lock
);
465 pci_set_drvdata(pci_dev
, NULL
);
466 misc_deregister(&chip
->vendor
->miscdev
);
467 kfree(chip
->vendor
->miscdev
.name
);
469 sysfs_remove_group(&pci_dev
->dev
.kobj
, chip
->vendor
->attr_group
);
471 pci_disable_device(pci_dev
);
473 dev_mask
[chip
->dev_num
/ TPM_NUM_MASK_ENTRIES
] &= !(1 << (chip
->dev_num
% TPM_NUM_MASK_ENTRIES
));
477 pci_dev_put(pci_dev
);
480 EXPORT_SYMBOL_GPL(tpm_remove
);
482 static u8 savestate
[] = {
483 0, 193, /* TPM_TAG_RQU_COMMAND */
484 0, 0, 0, 10, /* blob length (in bytes) */
485 0, 0, 0, 152 /* TPM_ORD_SaveState */
489 * We are about to suspend. Save the TPM state
490 * so that it can be restored.
492 int tpm_pm_suspend(struct pci_dev
*pci_dev
, pm_message_t pm_state
)
494 struct tpm_chip
*chip
= pci_get_drvdata(pci_dev
);
498 tpm_transmit(chip
, savestate
, sizeof(savestate
));
502 EXPORT_SYMBOL_GPL(tpm_pm_suspend
);
505 * Resume from a power safe. The BIOS already restored
508 int tpm_pm_resume(struct pci_dev
*pci_dev
)
510 struct tpm_chip
*chip
= pci_get_drvdata(pci_dev
);
518 EXPORT_SYMBOL_GPL(tpm_pm_resume
);
521 * Called from tpm_<specific>.c probe function only for devices
522 * the driver has determined it should claim. Prior to calling
523 * this function the specific probe function has called pci_enable_device
524 * upon errant exit from this function specific probe function should call
527 int tpm_register_hardware(struct pci_dev
*pci_dev
,
528 struct tpm_vendor_specific
*entry
)
530 #define DEVNAME_SIZE 7
533 struct tpm_chip
*chip
;
536 /* Driver specific per-device data */
537 chip
= kmalloc(sizeof(*chip
), GFP_KERNEL
);
541 memset(chip
, 0, sizeof(struct tpm_chip
));
543 init_MUTEX(&chip
->buffer_mutex
);
544 init_MUTEX(&chip
->tpm_mutex
);
545 INIT_LIST_HEAD(&chip
->list
);
547 init_timer(&chip
->user_read_timer
);
548 chip
->user_read_timer
.function
= user_reader_timeout
;
549 chip
->user_read_timer
.data
= (unsigned long) chip
;
551 chip
->vendor
= entry
;
555 for (i
= 0; i
< TPM_NUM_MASK_ENTRIES
; i
++)
556 for (j
= 0; j
< 8 * sizeof(int); j
++)
557 if ((dev_mask
[i
] & (1 << j
)) == 0) {
559 i
* TPM_NUM_MASK_ENTRIES
+ j
;
560 dev_mask
[i
] |= 1 << j
;
561 goto dev_num_search_complete
;
564 dev_num_search_complete
:
565 if (chip
->dev_num
< 0) {
566 dev_err(&pci_dev
->dev
,
567 "No available tpm device numbers\n");
570 } else if (chip
->dev_num
== 0)
571 chip
->vendor
->miscdev
.minor
= TPM_MINOR
;
573 chip
->vendor
->miscdev
.minor
= MISC_DYNAMIC_MINOR
;
575 devname
= kmalloc(DEVNAME_SIZE
, GFP_KERNEL
);
576 scnprintf(devname
, DEVNAME_SIZE
, "%s%d", "tpm", chip
->dev_num
);
577 chip
->vendor
->miscdev
.name
= devname
;
579 chip
->vendor
->miscdev
.dev
= &(pci_dev
->dev
);
580 chip
->pci_dev
= pci_dev_get(pci_dev
);
582 if (misc_register(&chip
->vendor
->miscdev
)) {
583 dev_err(&chip
->pci_dev
->dev
,
584 "unable to misc_register %s, minor %d\n",
585 chip
->vendor
->miscdev
.name
,
586 chip
->vendor
->miscdev
.minor
);
587 pci_dev_put(pci_dev
);
589 dev_mask
[i
] &= !(1 << j
);
593 spin_lock(&driver_lock
);
595 pci_set_drvdata(pci_dev
, chip
);
597 list_add(&chip
->list
, &tpm_chip_list
);
599 spin_unlock(&driver_lock
);
601 sysfs_create_group(&pci_dev
->dev
.kobj
, chip
->vendor
->attr_group
);
606 EXPORT_SYMBOL_GPL(tpm_register_hardware
);
608 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
609 MODULE_DESCRIPTION("TPM Driver");
610 MODULE_VERSION("2.0");
611 MODULE_LICENSE("GPL");