1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Copyright (C) 2004 IBM Corporation
4
 * Copyright (C) 2014 Intel Corporation
5
 *
6
 * Authors:
7
 * Jarkko Sakkinen <[email protected]>
8
 * Leendert van Doorn <[email protected]>
9
 * Dave Safford <[email protected]>
10
 * Reiner Sailer <[email protected]>
11
 * Kylene Hall <[email protected]>
12
 *
13
 * Maintained by: <[email protected]>
14
 *
15
 * TPM chip management routines.
16
 */
17

18
#include <linux/poll.h>
19
#include <linux/slab.h>
20
#include <linux/mutex.h>
21
#include <linux/spinlock.h>
22
#include <linux/freezer.h>
23
#include <linux/major.h>
24
#include <linux/tpm_eventlog.h>
25
#include <linux/hw_random.h>
26
#include "tpm.h"
27

28
DEFINE_IDR(dev_nums_idr);
29
static DEFINE_MUTEX(idr_lock);
30

31
const struct class tpm_class = {
32
	.name = "tpm",
33
	.shutdown_pre = tpm_class_shutdown,
34
};
35
const struct class tpmrm_class = {
36
	.name = "tpmrm",
37
};
38
dev_t tpm_devt;
39

40
static int tpm_request_locality(struct tpm_chip *chip)
41
{
42
	int rc;
43

44
	if (!chip->ops->request_locality)
45
		return 0;
46

47
	rc = chip->ops->request_locality(chip, 0);
48
	if (rc < 0)
49
		return rc;
50

51
	chip->locality = rc;
52
	return 0;
53
}
54

55
static void tpm_relinquish_locality(struct tpm_chip *chip)
56
{
57
	int rc;
58

59
	if (!chip->ops->relinquish_locality)
60
		return;
61

62
	rc = chip->ops->relinquish_locality(chip, chip->locality);
63
	if (rc)
64
		dev_err(&chip->dev, "%s: : error %d\n", __func__, rc);
65

66
	chip->locality = -1;
67
}
68

69
static int tpm_cmd_ready(struct tpm_chip *chip)
70
{
71
	if (!chip->ops->cmd_ready)
72
		return 0;
73

74
	return chip->ops->cmd_ready(chip);
75
}
76

77
static int tpm_go_idle(struct tpm_chip *chip)
78
{
79
	if (!chip->ops->go_idle)
80
		return 0;
81

82
	return chip->ops->go_idle(chip);
83
}
84

85
static void tpm_clk_enable(struct tpm_chip *chip)
86
{
87
	if (chip->ops->clk_enable)
88
		chip->ops->clk_enable(chip, true);
89
}
90

91
static void tpm_clk_disable(struct tpm_chip *chip)
92
{
93
	if (chip->ops->clk_enable)
94
		chip->ops->clk_enable(chip, false);
95
}
96

97
/**
98
 * tpm_chip_start() - power on the TPM
99
 * @chip:	a TPM chip to use
100
 *
101
 * Return:
102
 * * The response length	- OK
103
 * * -errno			- A system error
104
 */
105
int tpm_chip_start(struct tpm_chip *chip)
106
{
107
	int ret;
108

109
	tpm_clk_enable(chip);
110

111
	if (chip->locality == -1) {
112
		ret = tpm_request_locality(chip);
113
		if (ret) {
114
			tpm_clk_disable(chip);
115
			return ret;
116
		}
117
	}
118

119
	ret = tpm_cmd_ready(chip);
120
	if (ret) {
121
		tpm_relinquish_locality(chip);
122
		tpm_clk_disable(chip);
123
		return ret;
124
	}
125

126
	return 0;
127
}
128
EXPORT_SYMBOL_GPL(tpm_chip_start);
129

130
/**
131
 * tpm_chip_stop() - power off the TPM
132
 * @chip:	a TPM chip to use
133
 *
134
 * Return:
135
 * * The response length	- OK
136
 * * -errno			- A system error
137
 */
138
void tpm_chip_stop(struct tpm_chip *chip)
139
{
140
	tpm_go_idle(chip);
141
	tpm_relinquish_locality(chip);
142
	tpm_clk_disable(chip);
143
}
144
EXPORT_SYMBOL_GPL(tpm_chip_stop);
145

146
/**
147
 * tpm_try_get_ops() - Get a ref to the tpm_chip
148
 * @chip: Chip to ref
149
 *
150
 * The caller must already have some kind of locking to ensure that chip is
151
 * valid. This function will lock the chip so that the ops member can be
152
 * accessed safely. The locking prevents tpm_chip_unregister from
153
 * completing, so it should not be held for long periods.
154
 *
155
 * Returns -ERRNO if the chip could not be got.
156
 */
157
int tpm_try_get_ops(struct tpm_chip *chip)
158
{
159
	int rc = -EIO;
160

161
	if (chip->flags & TPM_CHIP_FLAG_DISABLE)
162
		return rc;
163

164
	get_device(&chip->dev);
165

166
	down_read(&chip->ops_sem);
167
	if (!chip->ops)
168
		goto out_ops;
169

170
	mutex_lock(&chip->tpm_mutex);
171

172
	/* tmp_chip_start may issue IO that is denied while suspended */
173
	if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
174
		goto out_lock;
175

176
	rc = tpm_chip_start(chip);
177
	if (rc)
178
		goto out_lock;
179

180
	return 0;
181
out_lock:
182
	mutex_unlock(&chip->tpm_mutex);
183
out_ops:
184
	up_read(&chip->ops_sem);
185
	put_device(&chip->dev);
186
	return rc;
187
}
188
EXPORT_SYMBOL_GPL(tpm_try_get_ops);
189

190
/**
191
 * tpm_put_ops() - Release a ref to the tpm_chip
192
 * @chip: Chip to put
193
 *
194
 * This is the opposite pair to tpm_try_get_ops(). After this returns chip may
195
 * be kfree'd.
196
 */
197
void tpm_put_ops(struct tpm_chip *chip)
198
{
199
	tpm_chip_stop(chip);
200
	mutex_unlock(&chip->tpm_mutex);
201
	up_read(&chip->ops_sem);
202
	put_device(&chip->dev);
203
}
204
EXPORT_SYMBOL_GPL(tpm_put_ops);
205

206
/**
207
 * tpm_default_chip() - find a TPM chip and get a reference to it
208
 */
209
struct tpm_chip *tpm_default_chip(void)
210
{
211
	struct tpm_chip *chip, *res = NULL;
212
	int chip_num = 0;
213
	int chip_prev;
214

215
	mutex_lock(&idr_lock);
216

217
	do {
218
		chip_prev = chip_num;
219
		chip = idr_get_next(&dev_nums_idr, &chip_num);
220
		if (chip) {
221
			get_device(&chip->dev);
222
			res = chip;
223
			break;
224
		}
225
	} while (chip_prev != chip_num);
226

227
	mutex_unlock(&idr_lock);
228

229
	return res;
230
}
231
EXPORT_SYMBOL_GPL(tpm_default_chip);
232

233
/**
234
 * tpm_dev_release() - free chip memory and the device number
235
 * @dev: the character device for the TPM chip
236
 *
237
 * This is used as the release function for the character device.
238
 */
239
static void tpm_dev_release(struct device *dev)
240
{
241
	struct tpm_chip *chip = container_of(dev, struct tpm_chip, dev);
242

243
	mutex_lock(&idr_lock);
244
	idr_remove(&dev_nums_idr, chip->dev_num);
245
	mutex_unlock(&idr_lock);
246

247
	kfree(chip->work_space.context_buf);
248
	kfree(chip->work_space.session_buf);
249
#ifdef CONFIG_TCG_TPM2_HMAC
250
	kfree(chip->auth);
251
#endif
252
	kfree(chip);
253
}
254

255
/**
256
 * tpm_class_shutdown() - prepare the TPM device for loss of power.
257
 * @dev: device to which the chip is associated.
258
 *
259
 * Issues a TPM2_Shutdown command prior to loss of power, as required by the
260
 * TPM 2.0 spec. Then, calls bus- and device- specific shutdown code.
261
 *
262
 * Return: always 0 (i.e. success)
263
 */
264
int tpm_class_shutdown(struct device *dev)
265
{
266
	struct tpm_chip *chip = container_of(dev, struct tpm_chip, dev);
267

268
	down_write(&chip->ops_sem);
269
	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
270
		if (!tpm_chip_start(chip)) {
271
			tpm2_end_auth_session(chip);
272
			tpm2_shutdown(chip, TPM2_SU_CLEAR);
273
			tpm_chip_stop(chip);
274
		}
275
	}
276
	chip->ops = NULL;
277
	up_write(&chip->ops_sem);
278

279
	return 0;
280
}
281

282
/**
283
 * tpm_chip_alloc() - allocate a new struct tpm_chip instance
284
 * @pdev: device to which the chip is associated
285
 *        At this point pdev mst be initialized, but does not have to
286
 *        be registered
287
 * @ops: struct tpm_class_ops instance
288
 *
289
 * Allocates a new struct tpm_chip instance and assigns a free
290
 * device number for it. Must be paired with put_device(&chip->dev).
291
 */
292
struct tpm_chip *tpm_chip_alloc(struct device *pdev,
293
				const struct tpm_class_ops *ops)
294
{
295
	struct tpm_chip *chip;
296
	int rc;
297

298
	chip = kzalloc(sizeof(*chip), GFP_KERNEL);
299
	if (chip == NULL)
300
		return ERR_PTR(-ENOMEM);
301

302
	mutex_init(&chip->tpm_mutex);
303
	init_rwsem(&chip->ops_sem);
304

305
	chip->ops = ops;
306

307
	mutex_lock(&idr_lock);
308
	rc = idr_alloc(&dev_nums_idr, NULL, 0, TPM_NUM_DEVICES, GFP_KERNEL);
309
	mutex_unlock(&idr_lock);
310
	if (rc < 0) {
311
		dev_err(pdev, "No available tpm device numbers\n");
312
		kfree(chip);
313
		return ERR_PTR(rc);
314
	}
315
	chip->dev_num = rc;
316

317
	device_initialize(&chip->dev);
318

319
	chip->dev.class = &tpm_class;
320
	chip->dev.release = tpm_dev_release;
321
	chip->dev.parent = pdev;
322
	chip->dev.groups = chip->groups;
323

324
	if (chip->dev_num == 0)
325
		chip->dev.devt = MKDEV(MISC_MAJOR, TPM_MINOR);
326
	else
327
		chip->dev.devt = MKDEV(MAJOR(tpm_devt), chip->dev_num);
328

329
	rc = dev_set_name(&chip->dev, "tpm%d", chip->dev_num);
330
	if (rc)
331
		goto out;
332

333
	if (!pdev)
334
		chip->flags |= TPM_CHIP_FLAG_VIRTUAL;
335

336
	cdev_init(&chip->cdev, &tpm_fops);
337
	chip->cdev.owner = THIS_MODULE;
338

339
	rc = tpm2_init_space(&chip->work_space, TPM2_SPACE_BUFFER_SIZE);
340
	if (rc) {
341
		rc = -ENOMEM;
342
		goto out;
343
	}
344

345
	chip->locality = -1;
346
	return chip;
347

348
out:
349
	put_device(&chip->dev);
350
	return ERR_PTR(rc);
351
}
352
EXPORT_SYMBOL_GPL(tpm_chip_alloc);
353

354
static void tpm_put_device(void *dev)
355
{
356
	put_device(dev);
357
}
358

359
/**
360
 * tpmm_chip_alloc() - allocate a new struct tpm_chip instance
361
 * @pdev: parent device to which the chip is associated
362
 * @ops: struct tpm_class_ops instance
363
 *
364
 * Same as tpm_chip_alloc except devm is used to do the put_device
365
 */
366
struct tpm_chip *tpmm_chip_alloc(struct device *pdev,
367
				 const struct tpm_class_ops *ops)
368
{
369
	struct tpm_chip *chip;
370
	int rc;
371

372
	chip = tpm_chip_alloc(pdev, ops);
373
	if (IS_ERR(chip))
374
		return chip;
375

376
	rc = devm_add_action_or_reset(pdev,
377
				      tpm_put_device,
378
				      &chip->dev);
379
	if (rc)
380
		return ERR_PTR(rc);
381

382
	dev_set_drvdata(pdev, chip);
383

384
	return chip;
385
}
386
EXPORT_SYMBOL_GPL(tpmm_chip_alloc);
387

388
static int tpm_add_char_device(struct tpm_chip *chip)
389
{
390
	int rc;
391

392
	rc = cdev_device_add(&chip->cdev, &chip->dev);
393
	if (rc) {
394
		dev_err(&chip->dev,
395
			"unable to cdev_device_add() %s, major %d, minor %d, err=%d\n",
396
			dev_name(&chip->dev), MAJOR(chip->dev.devt),
397
			MINOR(chip->dev.devt), rc);
398
		return rc;
399
	}
400

401
	if (chip->flags & TPM_CHIP_FLAG_TPM2 && !tpm_is_firmware_upgrade(chip)) {
402
		rc = tpm_devs_add(chip);
403
		if (rc)
404
			goto err_del_cdev;
405
	}
406

407
	/* Make the chip available. */
408
	mutex_lock(&idr_lock);
409
	idr_replace(&dev_nums_idr, chip, chip->dev_num);
410
	mutex_unlock(&idr_lock);
411

412
	return 0;
413

414
err_del_cdev:
415
	cdev_device_del(&chip->cdev, &chip->dev);
416
	return rc;
417
}
418

419
static void tpm_del_char_device(struct tpm_chip *chip)
420
{
421
	cdev_device_del(&chip->cdev, &chip->dev);
422

423
	/* Make the chip unavailable. */
424
	mutex_lock(&idr_lock);
425
	idr_replace(&dev_nums_idr, NULL, chip->dev_num);
426
	mutex_unlock(&idr_lock);
427

428
	/* Make the driver uncallable. */
429
	down_write(&chip->ops_sem);
430

431
	/*
432
	 * Check if chip->ops is still valid: In case that the controller
433
	 * drivers shutdown handler unregisters the controller in its
434
	 * shutdown handler we are called twice and chip->ops to NULL.
435
	 */
436
	if (chip->ops) {
437
		if (chip->flags & TPM_CHIP_FLAG_TPM2) {
438
			if (!tpm_chip_start(chip)) {
439
				tpm2_shutdown(chip, TPM2_SU_CLEAR);
440
				tpm_chip_stop(chip);
441
			}
442
		}
443
		chip->ops = NULL;
444
	}
445
	up_write(&chip->ops_sem);
446
}
447

448
static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
449
{
450
	struct attribute **i;
451

452
	if (chip->flags & (TPM_CHIP_FLAG_TPM2 | TPM_CHIP_FLAG_VIRTUAL) ||
453
	    tpm_is_firmware_upgrade(chip))
454
		return;
455

456
	sysfs_remove_link(&chip->dev.parent->kobj, "ppi");
457

458
	for (i = chip->groups[0]->attrs; *i != NULL; ++i)
459
		sysfs_remove_link(&chip->dev.parent->kobj, (*i)->name);
460
}
461

462
/* For compatibility with legacy sysfs paths we provide symlinks from the
463
 * parent dev directory to selected names within the tpm chip directory. Old
464
 * kernel versions created these files directly under the parent.
465
 */
466
static int tpm_add_legacy_sysfs(struct tpm_chip *chip)
467
{
468
	struct attribute **i;
469
	int rc;
470

471
	if (chip->flags & (TPM_CHIP_FLAG_TPM2 | TPM_CHIP_FLAG_VIRTUAL) ||
472
		tpm_is_firmware_upgrade(chip))
473
		return 0;
474

475
	rc = compat_only_sysfs_link_entry_to_kobj(
476
		    &chip->dev.parent->kobj, &chip->dev.kobj, "ppi", NULL);
477
	if (rc && rc != -ENOENT)
478
		return rc;
479

480
	/* All the names from tpm-sysfs */
481
	for (i = chip->groups[0]->attrs; *i != NULL; ++i) {
482
		rc = compat_only_sysfs_link_entry_to_kobj(
483
		    &chip->dev.parent->kobj, &chip->dev.kobj, (*i)->name, NULL);
484
		if (rc) {
485
			tpm_del_legacy_sysfs(chip);
486
			return rc;
487
		}
488
	}
489

490
	return 0;
491
}
492

493
static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait)
494
{
495
	struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng);
496

497
	return tpm_get_random(chip, data, max);
498
}
499

500
static bool tpm_is_hwrng_enabled(struct tpm_chip *chip)
501
{
502
	if (!IS_ENABLED(CONFIG_HW_RANDOM_TPM))
503
		return false;
504
	if (tpm_is_firmware_upgrade(chip))
505
		return false;
506
	if (chip->flags & TPM_CHIP_FLAG_HWRNG_DISABLED)
507
		return false;
508
	return true;
509
}
510

511
static int tpm_add_hwrng(struct tpm_chip *chip)
512
{
513
	if (!tpm_is_hwrng_enabled(chip))
514
		return 0;
515

516
	snprintf(chip->hwrng_name, sizeof(chip->hwrng_name),
517
		 "tpm-rng-%d", chip->dev_num);
518
	chip->hwrng.name = chip->hwrng_name;
519
	chip->hwrng.read = tpm_hwrng_read;
520
	return hwrng_register(&chip->hwrng);
521
}
522

523
static int tpm_get_pcr_allocation(struct tpm_chip *chip)
524
{
525
	int rc;
526

527
	if (tpm_is_firmware_upgrade(chip))
528
		return 0;
529

530
	rc = (chip->flags & TPM_CHIP_FLAG_TPM2) ?
531
	     tpm2_get_pcr_allocation(chip) :
532
	     tpm1_get_pcr_allocation(chip);
533

534
	if (rc > 0)
535
		return -ENODEV;
536

537
	return rc;
538
}
539

540
/*
541
 * tpm_chip_bootstrap() - Boostrap TPM chip after power on
542
 * @chip: TPM chip to use.
543
 *
544
 * Initialize TPM chip after power on. This a one-shot function: subsequent
545
 * calls will have no effect.
546
 */
547
int tpm_chip_bootstrap(struct tpm_chip *chip)
548
{
549
	int rc;
550

551
	if (chip->flags & TPM_CHIP_FLAG_BOOTSTRAPPED)
552
		return 0;
553

554
	rc = tpm_chip_start(chip);
555
	if (rc)
556
		return rc;
557

558
	rc = tpm_auto_startup(chip);
559
	if (rc)
560
		goto stop;
561

562
	rc = tpm_get_pcr_allocation(chip);
563
stop:
564
	tpm_chip_stop(chip);
565

566
	/*
567
	 * Unconditionally set, as driver initialization should cease, when the
568
	 * boostrapping process fails.
569
	 */
570
	chip->flags |= TPM_CHIP_FLAG_BOOTSTRAPPED;
571

572
	return rc;
573
}
574
EXPORT_SYMBOL_GPL(tpm_chip_bootstrap);
575

576
/*
577
 * tpm_chip_register() - create a character device for the TPM chip
578
 * @chip: TPM chip to use.
579
 *
580
 * Creates a character device for the TPM chip and adds sysfs attributes for
581
 * the device. As the last step this function adds the chip to the list of TPM
582
 * chips available for in-kernel use.
583
 *
584
 * This function should be only called after the chip initialization is
585
 * complete.
586
 */
587
int tpm_chip_register(struct tpm_chip *chip)
588
{
589
	int rc;
590

591
	rc = tpm_chip_bootstrap(chip);
592
	if (rc)
593
		return rc;
594

595
	tpm_sysfs_add_device(chip);
596

597
	tpm_bios_log_setup(chip);
598

599
	tpm_add_ppi(chip);
600

601
	rc = tpm_add_hwrng(chip);
602
	if (rc)
603
		goto out_ppi;
604

605
	rc = tpm_add_char_device(chip);
606
	if (rc)
607
		goto out_hwrng;
608

609
	rc = tpm_add_legacy_sysfs(chip);
610
	if (rc) {
611
		tpm_chip_unregister(chip);
612
		return rc;
613
	}
614

615
	return 0;
616

617
out_hwrng:
618
	if (tpm_is_hwrng_enabled(chip))
619
		hwrng_unregister(&chip->hwrng);
620
out_ppi:
621
	tpm_bios_log_teardown(chip);
622

623
	return rc;
624
}
625
EXPORT_SYMBOL_GPL(tpm_chip_register);
626

627
/*
628
 * tpm_chip_unregister() - release the TPM driver
629
 * @chip: TPM chip to use.
630
 *
631
 * Takes the chip first away from the list of available TPM chips and then
632
 * cleans up all the resources reserved by tpm_chip_register().
633
 *
634
 * Once this function returns the driver call backs in 'op's will not be
635
 * running and will no longer start.
636
 *
637
 * NOTE: This function should be only called before deinitializing chip
638
 * resources.
639
 */
640
void tpm_chip_unregister(struct tpm_chip *chip)
641
{
642
#ifdef CONFIG_TCG_TPM2_HMAC
643
	int rc;
644

645
	rc = tpm_try_get_ops(chip);
646
	if (!rc) {
647
		tpm2_end_auth_session(chip);
648
		tpm_put_ops(chip);
649
	}
650
#endif
651

652
	tpm_del_legacy_sysfs(chip);
653
	if (tpm_is_hwrng_enabled(chip))
654
		hwrng_unregister(&chip->hwrng);
655
	tpm_bios_log_teardown(chip);
656
	if (chip->flags & TPM_CHIP_FLAG_TPM2 && !tpm_is_firmware_upgrade(chip))
657
		tpm_devs_remove(chip);
658
	tpm_del_char_device(chip);
659
}
660
EXPORT_SYMBOL_GPL(tpm_chip_unregister);
661

662