tpm_ioctl.h (8685B)
1/* 2 * tpm_ioctl.h 3 * 4 * (c) Copyright IBM Corporation 2014, 2015. 5 * 6 * This file is licensed under the terms of the 3-clause BSD license 7 */ 8 9#ifndef TPM_IOCTL_H 10#define TPM_IOCTL_H 11 12#include <sys/uio.h> 13#include <sys/ioctl.h> 14 15#ifdef HAVE_SYS_IOCCOM_H 16#include <sys/ioccom.h> 17#endif 18 19/* 20 * Every response from a command involving a TPM command execution must hold 21 * the ptm_res as the first element. 22 * ptm_res corresponds to the error code of a command executed by the TPM. 23 */ 24 25typedef uint32_t ptm_res; 26 27/* PTM_GET_TPMESTABLISHED: get the establishment bit */ 28struct ptm_est { 29 union { 30 struct { 31 ptm_res tpm_result; 32 unsigned char bit; /* TPM established bit */ 33 } resp; /* response */ 34 } u; 35}; 36 37/* PTM_RESET_TPMESTABLISHED: reset establishment bit */ 38struct ptm_reset_est { 39 union { 40 struct { 41 uint8_t loc; /* locality to use */ 42 } req; /* request */ 43 struct { 44 ptm_res tpm_result; 45 } resp; /* response */ 46 } u; 47}; 48 49/* PTM_INIT */ 50struct ptm_init { 51 union { 52 struct { 53 uint32_t init_flags; /* see definitions below */ 54 } req; /* request */ 55 struct { 56 ptm_res tpm_result; 57 } resp; /* response */ 58 } u; 59}; 60 61/* above init_flags */ 62#define PTM_INIT_FLAG_DELETE_VOLATILE (1 << 0) 63 /* delete volatile state file after reading it */ 64 65/* PTM_SET_LOCALITY */ 66struct ptm_loc { 67 union { 68 struct { 69 uint8_t loc; /* locality to set */ 70 } req; /* request */ 71 struct { 72 ptm_res tpm_result; 73 } resp; /* response */ 74 } u; 75}; 76 77/* PTM_HASH_DATA: hash given data */ 78struct ptm_hdata { 79 union { 80 struct { 81 uint32_t length; 82 uint8_t data[4096]; 83 } req; /* request */ 84 struct { 85 ptm_res tpm_result; 86 } resp; /* response */ 87 } u; 88}; 89 90/* 91 * size of the TPM state blob to transfer; x86_64 can handle 8k, 92 * ppc64le only ~7k; keep the response below a 4k page size 93 */ 94#define PTM_STATE_BLOB_SIZE (3 * 1024) 95 96/* 97 * The following is the data structure to get state blobs from the TPM. 98 * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple reads 99 * with this ioctl and with adjusted offset are necessary. All bytes 100 * must be transferred and the transfer is done once the last byte has been 101 * returned. 102 * It is possible to use the read() interface for reading the data; however, the 103 * first bytes of the state blob will be part of the response to the ioctl(); a 104 * subsequent read() is only necessary if the total length (totlength) exceeds 105 * the number of received bytes. seek() is not supported. 106 */ 107struct ptm_getstate { 108 union { 109 struct { 110 uint32_t state_flags; /* may be: PTM_STATE_FLAG_DECRYPTED */ 111 uint32_t type; /* which blob to pull */ 112 uint32_t offset; /* offset from where to read */ 113 } req; /* request */ 114 struct { 115 ptm_res tpm_result; 116 uint32_t state_flags; /* may be: PTM_STATE_FLAG_ENCRYPTED */ 117 uint32_t totlength; /* total length that will be transferred */ 118 uint32_t length; /* number of bytes in following buffer */ 119 uint8_t data[PTM_STATE_BLOB_SIZE]; 120 } resp; /* response */ 121 } u; 122}; 123 124/* TPM state blob types */ 125#define PTM_BLOB_TYPE_PERMANENT 1 126#define PTM_BLOB_TYPE_VOLATILE 2 127#define PTM_BLOB_TYPE_SAVESTATE 3 128 129/* state_flags above : */ 130#define PTM_STATE_FLAG_DECRYPTED 1 /* on input: get decrypted state */ 131#define PTM_STATE_FLAG_ENCRYPTED 2 /* on output: state is encrypted */ 132 133/* 134 * The following is the data structure to set state blobs in the TPM. 135 * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple 136 * 'writes' using this ioctl are necessary. The last packet is indicated 137 * by the length being smaller than the PTM_STATE_BLOB_SIZE. 138 * The very first packet may have a length indicator of '0' enabling 139 * a write() with all the bytes from a buffer. If the write() interface 140 * is used, a final ioctl with a non-full buffer must be made to indicate 141 * that all data were transferred (a write with 0 bytes would not work). 142 */ 143struct ptm_setstate { 144 union { 145 struct { 146 uint32_t state_flags; /* may be PTM_STATE_FLAG_ENCRYPTED */ 147 uint32_t type; /* which blob to set */ 148 uint32_t length; /* length of the data; 149 use 0 on the first packet to 150 transfer using write() */ 151 uint8_t data[PTM_STATE_BLOB_SIZE]; 152 } req; /* request */ 153 struct { 154 ptm_res tpm_result; 155 } resp; /* response */ 156 } u; 157}; 158 159/* 160 * PTM_GET_CONFIG: Data structure to get runtime configuration information 161 * such as which keys are applied. 162 */ 163struct ptm_getconfig { 164 union { 165 struct { 166 ptm_res tpm_result; 167 uint32_t flags; 168 } resp; /* response */ 169 } u; 170}; 171 172#define PTM_CONFIG_FLAG_FILE_KEY 0x1 173#define PTM_CONFIG_FLAG_MIGRATION_KEY 0x2 174 175/* 176 * PTM_SET_BUFFERSIZE: Set the buffer size to be used by the TPM. 177 * A 0 on input queries for the current buffer size. Any other 178 * number will try to set the buffer size. The returned number is 179 * the buffer size that will be used, which can be larger than the 180 * requested one, if it was below the minimum, or smaller than the 181 * requested one, if it was above the maximum. 182 */ 183struct ptm_setbuffersize { 184 union { 185 struct { 186 uint32_t buffersize; /* 0 to query for current buffer size */ 187 } req; /* request */ 188 struct { 189 ptm_res tpm_result; 190 uint32_t buffersize; /* buffer size in use */ 191 uint32_t minsize; /* min. supported buffer size */ 192 uint32_t maxsize; /* max. supported buffer size */ 193 } resp; /* response */ 194 } u; 195}; 196 197 198typedef uint64_t ptm_cap; 199typedef struct ptm_est ptm_est; 200typedef struct ptm_reset_est ptm_reset_est; 201typedef struct ptm_loc ptm_loc; 202typedef struct ptm_hdata ptm_hdata; 203typedef struct ptm_init ptm_init; 204typedef struct ptm_getstate ptm_getstate; 205typedef struct ptm_setstate ptm_setstate; 206typedef struct ptm_getconfig ptm_getconfig; 207typedef struct ptm_setbuffersize ptm_setbuffersize; 208 209/* capability flags returned by PTM_GET_CAPABILITY */ 210#define PTM_CAP_INIT (1) 211#define PTM_CAP_SHUTDOWN (1 << 1) 212#define PTM_CAP_GET_TPMESTABLISHED (1 << 2) 213#define PTM_CAP_SET_LOCALITY (1 << 3) 214#define PTM_CAP_HASHING (1 << 4) 215#define PTM_CAP_CANCEL_TPM_CMD (1 << 5) 216#define PTM_CAP_STORE_VOLATILE (1 << 6) 217#define PTM_CAP_RESET_TPMESTABLISHED (1 << 7) 218#define PTM_CAP_GET_STATEBLOB (1 << 8) 219#define PTM_CAP_SET_STATEBLOB (1 << 9) 220#define PTM_CAP_STOP (1 << 10) 221#define PTM_CAP_GET_CONFIG (1 << 11) 222#define PTM_CAP_SET_DATAFD (1 << 12) 223#define PTM_CAP_SET_BUFFERSIZE (1 << 13) 224 225enum { 226 PTM_GET_CAPABILITY = _IOR('P', 0, ptm_cap), 227 PTM_INIT = _IOWR('P', 1, ptm_init), 228 PTM_SHUTDOWN = _IOR('P', 2, ptm_res), 229 PTM_GET_TPMESTABLISHED = _IOR('P', 3, ptm_est), 230 PTM_SET_LOCALITY = _IOWR('P', 4, ptm_loc), 231 PTM_HASH_START = _IOR('P', 5, ptm_res), 232 PTM_HASH_DATA = _IOWR('P', 6, ptm_hdata), 233 PTM_HASH_END = _IOR('P', 7, ptm_res), 234 PTM_CANCEL_TPM_CMD = _IOR('P', 8, ptm_res), 235 PTM_STORE_VOLATILE = _IOR('P', 9, ptm_res), 236 PTM_RESET_TPMESTABLISHED = _IOWR('P', 10, ptm_reset_est), 237 PTM_GET_STATEBLOB = _IOWR('P', 11, ptm_getstate), 238 PTM_SET_STATEBLOB = _IOWR('P', 12, ptm_setstate), 239 PTM_STOP = _IOR('P', 13, ptm_res), 240 PTM_GET_CONFIG = _IOR('P', 14, ptm_getconfig), 241 PTM_SET_DATAFD = _IOR('P', 15, ptm_res), 242 PTM_SET_BUFFERSIZE = _IOWR('P', 16, ptm_setbuffersize), 243}; 244 245/* 246 * Commands used by the non-CUSE TPMs 247 * 248 * All messages container big-endian data. 249 * 250 * The return messages only contain the 'resp' part of the unions 251 * in the data structures above. Besides that the limits in the 252 * buffers above (ptm_hdata:u.req.data and ptm_get_state:u.resp.data 253 * and ptm_set_state:u.req.data) are 0xffffffff. 254 */ 255enum { 256 CMD_GET_CAPABILITY = 1, 257 CMD_INIT, 258 CMD_SHUTDOWN, 259 CMD_GET_TPMESTABLISHED, 260 CMD_SET_LOCALITY, 261 CMD_HASH_START, 262 CMD_HASH_DATA, 263 CMD_HASH_END, 264 CMD_CANCEL_TPM_CMD, 265 CMD_STORE_VOLATILE, 266 CMD_RESET_TPMESTABLISHED, 267 CMD_GET_STATEBLOB, 268 CMD_SET_STATEBLOB, 269 CMD_STOP, 270 CMD_GET_CONFIG, 271 CMD_SET_DATAFD, 272 CMD_SET_BUFFERSIZE, 273}; 274 275#endif /* TPM_IOCTL_H */