tpm-chip.c (14172B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (C) 2004 IBM Corporation 4 * Copyright (C) 2014 Intel Corporation 5 * 6 * Authors: 7 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 8 * Leendert van Doorn <leendert@watson.ibm.com> 9 * Dave Safford <safford@watson.ibm.com> 10 * Reiner Sailer <sailer@watson.ibm.com> 11 * Kylene Hall <kjhall@us.ibm.com> 12 * 13 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 14 * 15 * TPM chip management routines. 16 */ 17 18#include <linux/poll.h> 19#include <linux/slab.h> 20#include <linux/mutex.h> 21#include <linux/spinlock.h> 22#include <linux/freezer.h> 23#include <linux/major.h> 24#include <linux/tpm_eventlog.h> 25#include <linux/hw_random.h> 26#include "tpm.h" 27 28DEFINE_IDR(dev_nums_idr); 29static DEFINE_MUTEX(idr_lock); 30 31struct class *tpm_class; 32struct class *tpmrm_class; 33dev_t tpm_devt; 34 35static int tpm_request_locality(struct tpm_chip *chip) 36{ 37 int rc; 38 39 if (!chip->ops->request_locality) 40 return 0; 41 42 rc = chip->ops->request_locality(chip, 0); 43 if (rc < 0) 44 return rc; 45 46 chip->locality = rc; 47 return 0; 48} 49 50static void tpm_relinquish_locality(struct tpm_chip *chip) 51{ 52 int rc; 53 54 if (!chip->ops->relinquish_locality) 55 return; 56 57 rc = chip->ops->relinquish_locality(chip, chip->locality); 58 if (rc) 59 dev_err(&chip->dev, "%s: : error %d\n", __func__, rc); 60 61 chip->locality = -1; 62} 63 64static int tpm_cmd_ready(struct tpm_chip *chip) 65{ 66 if (!chip->ops->cmd_ready) 67 return 0; 68 69 return chip->ops->cmd_ready(chip); 70} 71 72static int tpm_go_idle(struct tpm_chip *chip) 73{ 74 if (!chip->ops->go_idle) 75 return 0; 76 77 return chip->ops->go_idle(chip); 78} 79 80static void tpm_clk_enable(struct tpm_chip *chip) 81{ 82 if (chip->ops->clk_enable) 83 chip->ops->clk_enable(chip, true); 84} 85 86static void tpm_clk_disable(struct tpm_chip *chip) 87{ 88 if (chip->ops->clk_enable) 89 chip->ops->clk_enable(chip, false); 90} 91 92/** 93 * tpm_chip_start() - power on the TPM 94 * @chip: a TPM chip to use 95 * 96 * Return: 97 * * The response length - OK 98 * * -errno - A system error 99 */ 100int tpm_chip_start(struct tpm_chip *chip) 101{ 102 int ret; 103 104 tpm_clk_enable(chip); 105 106 if (chip->locality == -1) { 107 ret = tpm_request_locality(chip); 108 if (ret) { 109 tpm_clk_disable(chip); 110 return ret; 111 } 112 } 113 114 ret = tpm_cmd_ready(chip); 115 if (ret) { 116 tpm_relinquish_locality(chip); 117 tpm_clk_disable(chip); 118 return ret; 119 } 120 121 return 0; 122} 123EXPORT_SYMBOL_GPL(tpm_chip_start); 124 125/** 126 * tpm_chip_stop() - power off the TPM 127 * @chip: a TPM chip to use 128 * 129 * Return: 130 * * The response length - OK 131 * * -errno - A system error 132 */ 133void tpm_chip_stop(struct tpm_chip *chip) 134{ 135 tpm_go_idle(chip); 136 tpm_relinquish_locality(chip); 137 tpm_clk_disable(chip); 138} 139EXPORT_SYMBOL_GPL(tpm_chip_stop); 140 141/** 142 * tpm_try_get_ops() - Get a ref to the tpm_chip 143 * @chip: Chip to ref 144 * 145 * The caller must already have some kind of locking to ensure that chip is 146 * valid. This function will lock the chip so that the ops member can be 147 * accessed safely. The locking prevents tpm_chip_unregister from 148 * completing, so it should not be held for long periods. 149 * 150 * Returns -ERRNO if the chip could not be got. 151 */ 152int tpm_try_get_ops(struct tpm_chip *chip) 153{ 154 int rc = -EIO; 155 156 get_device(&chip->dev); 157 158 down_read(&chip->ops_sem); 159 if (!chip->ops) 160 goto out_ops; 161 162 mutex_lock(&chip->tpm_mutex); 163 rc = tpm_chip_start(chip); 164 if (rc) 165 goto out_lock; 166 167 return 0; 168out_lock: 169 mutex_unlock(&chip->tpm_mutex); 170out_ops: 171 up_read(&chip->ops_sem); 172 put_device(&chip->dev); 173 return rc; 174} 175EXPORT_SYMBOL_GPL(tpm_try_get_ops); 176 177/** 178 * tpm_put_ops() - Release a ref to the tpm_chip 179 * @chip: Chip to put 180 * 181 * This is the opposite pair to tpm_try_get_ops(). After this returns chip may 182 * be kfree'd. 183 */ 184void tpm_put_ops(struct tpm_chip *chip) 185{ 186 tpm_chip_stop(chip); 187 mutex_unlock(&chip->tpm_mutex); 188 up_read(&chip->ops_sem); 189 put_device(&chip->dev); 190} 191EXPORT_SYMBOL_GPL(tpm_put_ops); 192 193/** 194 * tpm_default_chip() - find a TPM chip and get a reference to it 195 */ 196struct tpm_chip *tpm_default_chip(void) 197{ 198 struct tpm_chip *chip, *res = NULL; 199 int chip_num = 0; 200 int chip_prev; 201 202 mutex_lock(&idr_lock); 203 204 do { 205 chip_prev = chip_num; 206 chip = idr_get_next(&dev_nums_idr, &chip_num); 207 if (chip) { 208 get_device(&chip->dev); 209 res = chip; 210 break; 211 } 212 } while (chip_prev != chip_num); 213 214 mutex_unlock(&idr_lock); 215 216 return res; 217} 218EXPORT_SYMBOL_GPL(tpm_default_chip); 219 220/** 221 * tpm_find_get_ops() - find and reserve a TPM chip 222 * @chip: a &struct tpm_chip instance, %NULL for the default chip 223 * 224 * Finds a TPM chip and reserves its class device and operations. The chip must 225 * be released with tpm_put_ops() after use. 226 * This function is for internal use only. It supports existing TPM callers 227 * by accepting NULL, but those callers should be converted to pass in a chip 228 * directly. 229 * 230 * Return: 231 * A reserved &struct tpm_chip instance. 232 * %NULL if a chip is not found. 233 * %NULL if the chip is not available. 234 */ 235struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip) 236{ 237 int rc; 238 239 if (chip) { 240 if (!tpm_try_get_ops(chip)) 241 return chip; 242 return NULL; 243 } 244 245 chip = tpm_default_chip(); 246 if (!chip) 247 return NULL; 248 rc = tpm_try_get_ops(chip); 249 /* release additional reference we got from tpm_default_chip() */ 250 put_device(&chip->dev); 251 if (rc) 252 return NULL; 253 return chip; 254} 255 256/** 257 * tpm_dev_release() - free chip memory and the device number 258 * @dev: the character device for the TPM chip 259 * 260 * This is used as the release function for the character device. 261 */ 262static void tpm_dev_release(struct device *dev) 263{ 264 struct tpm_chip *chip = container_of(dev, struct tpm_chip, dev); 265 266 mutex_lock(&idr_lock); 267 idr_remove(&dev_nums_idr, chip->dev_num); 268 mutex_unlock(&idr_lock); 269 270 kfree(chip->log.bios_event_log); 271 kfree(chip->work_space.context_buf); 272 kfree(chip->work_space.session_buf); 273 kfree(chip->allocated_banks); 274 kfree(chip); 275} 276 277/** 278 * tpm_class_shutdown() - prepare the TPM device for loss of power. 279 * @dev: device to which the chip is associated. 280 * 281 * Issues a TPM2_Shutdown command prior to loss of power, as required by the 282 * TPM 2.0 spec. Then, calls bus- and device- specific shutdown code. 283 * 284 * Return: always 0 (i.e. success) 285 */ 286static int tpm_class_shutdown(struct device *dev) 287{ 288 struct tpm_chip *chip = container_of(dev, struct tpm_chip, dev); 289 290 down_write(&chip->ops_sem); 291 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 292 if (!tpm_chip_start(chip)) { 293 tpm2_shutdown(chip, TPM2_SU_CLEAR); 294 tpm_chip_stop(chip); 295 } 296 } 297 chip->ops = NULL; 298 up_write(&chip->ops_sem); 299 300 return 0; 301} 302 303/** 304 * tpm_chip_alloc() - allocate a new struct tpm_chip instance 305 * @pdev: device to which the chip is associated 306 * At this point pdev mst be initialized, but does not have to 307 * be registered 308 * @ops: struct tpm_class_ops instance 309 * 310 * Allocates a new struct tpm_chip instance and assigns a free 311 * device number for it. Must be paired with put_device(&chip->dev). 312 */ 313struct tpm_chip *tpm_chip_alloc(struct device *pdev, 314 const struct tpm_class_ops *ops) 315{ 316 struct tpm_chip *chip; 317 int rc; 318 319 chip = kzalloc(sizeof(*chip), GFP_KERNEL); 320 if (chip == NULL) 321 return ERR_PTR(-ENOMEM); 322 323 mutex_init(&chip->tpm_mutex); 324 init_rwsem(&chip->ops_sem); 325 326 chip->ops = ops; 327 328 mutex_lock(&idr_lock); 329 rc = idr_alloc(&dev_nums_idr, NULL, 0, TPM_NUM_DEVICES, GFP_KERNEL); 330 mutex_unlock(&idr_lock); 331 if (rc < 0) { 332 dev_err(pdev, "No available tpm device numbers\n"); 333 kfree(chip); 334 return ERR_PTR(rc); 335 } 336 chip->dev_num = rc; 337 338 device_initialize(&chip->dev); 339 340 chip->dev.class = tpm_class; 341 chip->dev.class->shutdown_pre = tpm_class_shutdown; 342 chip->dev.release = tpm_dev_release; 343 chip->dev.parent = pdev; 344 chip->dev.groups = chip->groups; 345 346 if (chip->dev_num == 0) 347 chip->dev.devt = MKDEV(MISC_MAJOR, TPM_MINOR); 348 else 349 chip->dev.devt = MKDEV(MAJOR(tpm_devt), chip->dev_num); 350 351 rc = dev_set_name(&chip->dev, "tpm%d", chip->dev_num); 352 if (rc) 353 goto out; 354 355 if (!pdev) 356 chip->flags |= TPM_CHIP_FLAG_VIRTUAL; 357 358 cdev_init(&chip->cdev, &tpm_fops); 359 chip->cdev.owner = THIS_MODULE; 360 361 rc = tpm2_init_space(&chip->work_space, TPM2_SPACE_BUFFER_SIZE); 362 if (rc) { 363 rc = -ENOMEM; 364 goto out; 365 } 366 367 chip->locality = -1; 368 return chip; 369 370out: 371 put_device(&chip->dev); 372 return ERR_PTR(rc); 373} 374EXPORT_SYMBOL_GPL(tpm_chip_alloc); 375 376/** 377 * tpmm_chip_alloc() - allocate a new struct tpm_chip instance 378 * @pdev: parent device to which the chip is associated 379 * @ops: struct tpm_class_ops instance 380 * 381 * Same as tpm_chip_alloc except devm is used to do the put_device 382 */ 383struct tpm_chip *tpmm_chip_alloc(struct device *pdev, 384 const struct tpm_class_ops *ops) 385{ 386 struct tpm_chip *chip; 387 int rc; 388 389 chip = tpm_chip_alloc(pdev, ops); 390 if (IS_ERR(chip)) 391 return chip; 392 393 rc = devm_add_action_or_reset(pdev, 394 (void (*)(void *)) put_device, 395 &chip->dev); 396 if (rc) 397 return ERR_PTR(rc); 398 399 dev_set_drvdata(pdev, chip); 400 401 return chip; 402} 403EXPORT_SYMBOL_GPL(tpmm_chip_alloc); 404 405static int tpm_add_char_device(struct tpm_chip *chip) 406{ 407 int rc; 408 409 rc = cdev_device_add(&chip->cdev, &chip->dev); 410 if (rc) { 411 dev_err(&chip->dev, 412 "unable to cdev_device_add() %s, major %d, minor %d, err=%d\n", 413 dev_name(&chip->dev), MAJOR(chip->dev.devt), 414 MINOR(chip->dev.devt), rc); 415 return rc; 416 } 417 418 if (chip->flags & TPM_CHIP_FLAG_TPM2 && !tpm_is_firmware_upgrade(chip)) { 419 rc = tpm_devs_add(chip); 420 if (rc) 421 goto err_del_cdev; 422 } 423 424 /* Make the chip available. */ 425 mutex_lock(&idr_lock); 426 idr_replace(&dev_nums_idr, chip, chip->dev_num); 427 mutex_unlock(&idr_lock); 428 429 return 0; 430 431err_del_cdev: 432 cdev_device_del(&chip->cdev, &chip->dev); 433 return rc; 434} 435 436static void tpm_del_char_device(struct tpm_chip *chip) 437{ 438 cdev_device_del(&chip->cdev, &chip->dev); 439 440 /* Make the chip unavailable. */ 441 mutex_lock(&idr_lock); 442 idr_replace(&dev_nums_idr, NULL, chip->dev_num); 443 mutex_unlock(&idr_lock); 444 445 /* Make the driver uncallable. */ 446 down_write(&chip->ops_sem); 447 448 /* 449 * Check if chip->ops is still valid: In case that the controller 450 * drivers shutdown handler unregisters the controller in its 451 * shutdown handler we are called twice and chip->ops to NULL. 452 */ 453 if (chip->ops) { 454 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 455 if (!tpm_chip_start(chip)) { 456 tpm2_shutdown(chip, TPM2_SU_CLEAR); 457 tpm_chip_stop(chip); 458 } 459 } 460 chip->ops = NULL; 461 } 462 up_write(&chip->ops_sem); 463} 464 465static void tpm_del_legacy_sysfs(struct tpm_chip *chip) 466{ 467 struct attribute **i; 468 469 if (chip->flags & (TPM_CHIP_FLAG_TPM2 | TPM_CHIP_FLAG_VIRTUAL) || 470 tpm_is_firmware_upgrade(chip)) 471 return; 472 473 sysfs_remove_link(&chip->dev.parent->kobj, "ppi"); 474 475 for (i = chip->groups[0]->attrs; *i != NULL; ++i) 476 sysfs_remove_link(&chip->dev.parent->kobj, (*i)->name); 477} 478 479/* For compatibility with legacy sysfs paths we provide symlinks from the 480 * parent dev directory to selected names within the tpm chip directory. Old 481 * kernel versions created these files directly under the parent. 482 */ 483static int tpm_add_legacy_sysfs(struct tpm_chip *chip) 484{ 485 struct attribute **i; 486 int rc; 487 488 if (chip->flags & (TPM_CHIP_FLAG_TPM2 | TPM_CHIP_FLAG_VIRTUAL) || 489 tpm_is_firmware_upgrade(chip)) 490 return 0; 491 492 rc = compat_only_sysfs_link_entry_to_kobj( 493 &chip->dev.parent->kobj, &chip->dev.kobj, "ppi", NULL); 494 if (rc && rc != -ENOENT) 495 return rc; 496 497 /* All the names from tpm-sysfs */ 498 for (i = chip->groups[0]->attrs; *i != NULL; ++i) { 499 rc = compat_only_sysfs_link_entry_to_kobj( 500 &chip->dev.parent->kobj, &chip->dev.kobj, (*i)->name, NULL); 501 if (rc) { 502 tpm_del_legacy_sysfs(chip); 503 return rc; 504 } 505 } 506 507 return 0; 508} 509 510static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) 511{ 512 struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng); 513 514 return tpm_get_random(chip, data, max); 515} 516 517static int tpm_add_hwrng(struct tpm_chip *chip) 518{ 519 if (!IS_ENABLED(CONFIG_HW_RANDOM_TPM) || tpm_is_firmware_upgrade(chip)) 520 return 0; 521 522 snprintf(chip->hwrng_name, sizeof(chip->hwrng_name), 523 "tpm-rng-%d", chip->dev_num); 524 chip->hwrng.name = chip->hwrng_name; 525 chip->hwrng.read = tpm_hwrng_read; 526 return hwrng_register(&chip->hwrng); 527} 528 529static int tpm_get_pcr_allocation(struct tpm_chip *chip) 530{ 531 int rc; 532 533 if (tpm_is_firmware_upgrade(chip)) 534 return 0; 535 536 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) ? 537 tpm2_get_pcr_allocation(chip) : 538 tpm1_get_pcr_allocation(chip); 539 540 if (rc > 0) 541 return -ENODEV; 542 543 return rc; 544} 545 546/* 547 * tpm_chip_register() - create a character device for the TPM chip 548 * @chip: TPM chip to use. 549 * 550 * Creates a character device for the TPM chip and adds sysfs attributes for 551 * the device. As the last step this function adds the chip to the list of TPM 552 * chips available for in-kernel use. 553 * 554 * This function should be only called after the chip initialization is 555 * complete. 556 */ 557int tpm_chip_register(struct tpm_chip *chip) 558{ 559 int rc; 560 561 rc = tpm_chip_start(chip); 562 if (rc) 563 return rc; 564 rc = tpm_auto_startup(chip); 565 if (rc) { 566 tpm_chip_stop(chip); 567 return rc; 568 } 569 570 rc = tpm_get_pcr_allocation(chip); 571 tpm_chip_stop(chip); 572 if (rc) 573 return rc; 574 575 tpm_sysfs_add_device(chip); 576 577 tpm_bios_log_setup(chip); 578 579 tpm_add_ppi(chip); 580 581 rc = tpm_add_hwrng(chip); 582 if (rc) 583 goto out_ppi; 584 585 rc = tpm_add_char_device(chip); 586 if (rc) 587 goto out_hwrng; 588 589 rc = tpm_add_legacy_sysfs(chip); 590 if (rc) { 591 tpm_chip_unregister(chip); 592 return rc; 593 } 594 595 return 0; 596 597out_hwrng: 598 if (IS_ENABLED(CONFIG_HW_RANDOM_TPM) && !tpm_is_firmware_upgrade(chip)) 599 hwrng_unregister(&chip->hwrng); 600out_ppi: 601 tpm_bios_log_teardown(chip); 602 603 return rc; 604} 605EXPORT_SYMBOL_GPL(tpm_chip_register); 606 607/* 608 * tpm_chip_unregister() - release the TPM driver 609 * @chip: TPM chip to use. 610 * 611 * Takes the chip first away from the list of available TPM chips and then 612 * cleans up all the resources reserved by tpm_chip_register(). 613 * 614 * Once this function returns the driver call backs in 'op's will not be 615 * running and will no longer start. 616 * 617 * NOTE: This function should be only called before deinitializing chip 618 * resources. 619 */ 620void tpm_chip_unregister(struct tpm_chip *chip) 621{ 622 tpm_del_legacy_sysfs(chip); 623 if (IS_ENABLED(CONFIG_HW_RANDOM_TPM) && !tpm_is_firmware_upgrade(chip)) 624 hwrng_unregister(&chip->hwrng); 625 tpm_bios_log_teardown(chip); 626 if (chip->flags & TPM_CHIP_FLAG_TPM2 && !tpm_is_firmware_upgrade(chip)) 627 tpm_devs_remove(chip); 628 tpm_del_char_device(chip); 629} 630EXPORT_SYMBOL_GPL(tpm_chip_unregister);