1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Copyright (C) 2014, 2015 Intel Corporation
4
 *
5
 * Authors:
6
 * Jarkko Sakkinen <[email protected]>
7
 *
8
 * Maintained by: <[email protected]>
9
 *
10
 * This file contains TPM2 protocol implementations of the commands
11
 * used by the kernel internally.
12
 */
13

14
#include "tpm.h"
15
#include <crypto/hash_info.h>
16

17
static bool disable_pcr_integrity;
18
module_param(disable_pcr_integrity, bool, 0444);
19
MODULE_PARM_DESC(disable_pcr_integrity, "Disable integrity protection of TPM2_PCR_Extend");
20

21
static struct tpm2_hash tpm2_hash_map[] = {
22
	{HASH_ALGO_SHA1, TPM_ALG_SHA1},
23
	{HASH_ALGO_SHA256, TPM_ALG_SHA256},
24
	{HASH_ALGO_SHA384, TPM_ALG_SHA384},
25
	{HASH_ALGO_SHA512, TPM_ALG_SHA512},
26
	{HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
27
};
28

29
int tpm2_get_timeouts(struct tpm_chip *chip)
30
{
31
	/* Fixed timeouts for TPM2 */
32
	chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
33
	chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
34
	chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
35
	chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
36

37
	/* PTP spec timeouts */
38
	chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT);
39
	chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM);
40
	chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG);
41

42
	/* Key creation commands long timeouts */
43
	chip->duration[TPM_LONG_LONG] =
44
		msecs_to_jiffies(TPM2_DURATION_LONG_LONG);
45

46
	chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
47

48
	return 0;
49
}
50

51
/**
52
 * tpm2_ordinal_duration_index() - returns an index to the chip duration table
53
 * @ordinal: TPM command ordinal.
54
 *
55
 * The function returns an index to the chip duration table
56
 * (enum tpm_duration), that describes the maximum amount of
57
 * time the chip could take to return the result for a  particular ordinal.
58
 *
59
 * The values of the MEDIUM, and LONG durations are taken
60
 * from the PC Client Profile (PTP) specification (750, 2000 msec)
61
 *
62
 * LONG_LONG is for commands that generates keys which empirically takes
63
 * a longer time on some systems.
64
 *
65
 * Return:
66
 * * TPM_MEDIUM
67
 * * TPM_LONG
68
 * * TPM_LONG_LONG
69
 * * TPM_UNDEFINED
70
 */
71
static u8 tpm2_ordinal_duration_index(u32 ordinal)
72
{
73
	switch (ordinal) {
74
	/* Startup */
75
	case TPM2_CC_STARTUP:                 /* 144 */
76
		return TPM_MEDIUM;
77

78
	case TPM2_CC_SELF_TEST:               /* 143 */
79
		return TPM_LONG;
80

81
	case TPM2_CC_GET_RANDOM:              /* 17B */
82
		return TPM_LONG;
83

84
	case TPM2_CC_SEQUENCE_UPDATE:         /* 15C */
85
		return TPM_MEDIUM;
86
	case TPM2_CC_SEQUENCE_COMPLETE:       /* 13E */
87
		return TPM_MEDIUM;
88
	case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */
89
		return TPM_MEDIUM;
90
	case TPM2_CC_HASH_SEQUENCE_START:     /* 186 */
91
		return TPM_MEDIUM;
92

93
	case TPM2_CC_VERIFY_SIGNATURE:        /* 177 */
94
		return TPM_LONG_LONG;
95

96
	case TPM2_CC_PCR_EXTEND:              /* 182 */
97
		return TPM_MEDIUM;
98

99
	case TPM2_CC_HIERARCHY_CONTROL:       /* 121 */
100
		return TPM_LONG;
101
	case TPM2_CC_HIERARCHY_CHANGE_AUTH:   /* 129 */
102
		return TPM_LONG;
103

104
	case TPM2_CC_GET_CAPABILITY:          /* 17A */
105
		return TPM_MEDIUM;
106

107
	case TPM2_CC_NV_READ:                 /* 14E */
108
		return TPM_LONG;
109

110
	case TPM2_CC_CREATE_PRIMARY:          /* 131 */
111
		return TPM_LONG_LONG;
112
	case TPM2_CC_CREATE:                  /* 153 */
113
		return TPM_LONG_LONG;
114
	case TPM2_CC_CREATE_LOADED:           /* 191 */
115
		return TPM_LONG_LONG;
116

117
	default:
118
		return TPM_UNDEFINED;
119
	}
120
}
121

122
/**
123
 * tpm2_calc_ordinal_duration() - calculate the maximum command duration
124
 * @chip:    TPM chip to use.
125
 * @ordinal: TPM command ordinal.
126
 *
127
 * The function returns the maximum amount of time the chip could take
128
 * to return the result for a particular ordinal in jiffies.
129
 *
130
 * Return: A maximal duration time for an ordinal in jiffies.
131
 */
132
unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
133
{
134
	unsigned int index;
135

136
	index = tpm2_ordinal_duration_index(ordinal);
137

138
	if (index != TPM_UNDEFINED)
139
		return chip->duration[index];
140
	else
141
		return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
142
}
143

144

145
struct tpm2_pcr_read_out {
146
	__be32	update_cnt;
147
	__be32	pcr_selects_cnt;
148
	__be16	hash_alg;
149
	u8	pcr_select_size;
150
	u8	pcr_select[TPM2_PCR_SELECT_MIN];
151
	__be32	digests_cnt;
152
	__be16	digest_size;
153
	u8	digest[];
154
} __packed;
155

156
/**
157
 * tpm2_pcr_read() - read a PCR value
158
 * @chip:	TPM chip to use.
159
 * @pcr_idx:	index of the PCR to read.
160
 * @digest:	PCR bank and buffer current PCR value is written to.
161
 * @digest_size_ptr:	pointer to variable that stores the digest size.
162
 *
163
 * Return: Same as with tpm_transmit_cmd.
164
 */
165
int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
166
		  struct tpm_digest *digest, u16 *digest_size_ptr)
167
{
168
	int i;
169
	int rc;
170
	struct tpm_buf buf;
171
	struct tpm2_pcr_read_out *out;
172
	u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
173
	u16 digest_size;
174
	u16 expected_digest_size = 0;
175

176
	if (pcr_idx >= TPM2_PLATFORM_PCR)
177
		return -EINVAL;
178

179
	if (!digest_size_ptr) {
180
		for (i = 0; i < chip->nr_allocated_banks &&
181
		     chip->allocated_banks[i].alg_id != digest->alg_id; i++)
182
			;
183

184
		if (i == chip->nr_allocated_banks)
185
			return -EINVAL;
186

187
		expected_digest_size = chip->allocated_banks[i].digest_size;
188
	}
189

190
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
191
	if (rc)
192
		return rc;
193

194
	pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
195

196
	tpm_buf_append_u32(&buf, 1);
197
	tpm_buf_append_u16(&buf, digest->alg_id);
198
	tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
199
	tpm_buf_append(&buf, (const unsigned char *)pcr_select,
200
		       sizeof(pcr_select));
201

202
	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value");
203
	if (rc)
204
		goto out;
205

206
	out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
207
	digest_size = be16_to_cpu(out->digest_size);
208
	if (digest_size > sizeof(digest->digest) ||
209
	    (!digest_size_ptr && digest_size != expected_digest_size)) {
210
		rc = -EINVAL;
211
		goto out;
212
	}
213

214
	if (digest_size_ptr)
215
		*digest_size_ptr = digest_size;
216

217
	memcpy(digest->digest, out->digest, digest_size);
218
out:
219
	tpm_buf_destroy(&buf);
220
	return rc;
221
}
222

223
/**
224
 * tpm2_pcr_extend() - extend a PCR value
225
 *
226
 * @chip:	TPM chip to use.
227
 * @pcr_idx:	index of the PCR.
228
 * @digests:	list of pcr banks and corresponding digest values to extend.
229
 *
230
 * Return: Same as with tpm_transmit_cmd.
231
 */
232
int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
233
		    struct tpm_digest *digests)
234
{
235
	struct tpm_buf buf;
236
	int rc;
237
	int i;
238

239
	if (!disable_pcr_integrity) {
240
		rc = tpm2_start_auth_session(chip);
241
		if (rc)
242
			return rc;
243
	}
244

245
	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
246
	if (rc) {
247
		if (!disable_pcr_integrity)
248
			tpm2_end_auth_session(chip);
249
		return rc;
250
	}
251

252
	if (!disable_pcr_integrity) {
253
		tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
254
		tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
255
	} else {
256
		tpm_buf_append_handle(chip, &buf, pcr_idx);
257
		tpm_buf_append_auth(chip, &buf, 0, NULL, 0);
258
	}
259

260
	tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
261

262
	for (i = 0; i < chip->nr_allocated_banks; i++) {
263
		tpm_buf_append_u16(&buf, digests[i].alg_id);
264
		tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest,
265
			       chip->allocated_banks[i].digest_size);
266
	}
267

268
	if (!disable_pcr_integrity)
269
		tpm_buf_fill_hmac_session(chip, &buf);
270
	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
271
	if (!disable_pcr_integrity)
272
		rc = tpm_buf_check_hmac_response(chip, &buf, rc);
273

274
	tpm_buf_destroy(&buf);
275

276
	return rc;
277
}
278

279
struct tpm2_get_random_out {
280
	__be16 size;
281
	u8 buffer[TPM_MAX_RNG_DATA];
282
} __packed;
283

284
/**
285
 * tpm2_get_random() - get random bytes from the TPM RNG
286
 *
287
 * @chip:	a &tpm_chip instance
288
 * @dest:	destination buffer
289
 * @max:	the max number of random bytes to pull
290
 *
291
 * Return:
292
 *   size of the buffer on success,
293
 *   -errno otherwise (positive TPM return codes are masked to -EIO)
294
 */
295
int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
296
{
297
	struct tpm2_get_random_out *out;
298
	struct tpm_header *head;
299
	struct tpm_buf buf;
300
	u32 recd;
301
	u32 num_bytes = max;
302
	int err;
303
	int total = 0;
304
	int retries = 5;
305
	u8 *dest_ptr = dest;
306
	off_t offset;
307

308
	if (!num_bytes || max > TPM_MAX_RNG_DATA)
309
		return -EINVAL;
310

311
	err = tpm2_start_auth_session(chip);
312
	if (err)
313
		return err;
314

315
	err = tpm_buf_init(&buf, 0, 0);
316
	if (err) {
317
		tpm2_end_auth_session(chip);
318
		return err;
319
	}
320

321
	do {
322
		tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
323
		tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT
324
						| TPM2_SA_CONTINUE_SESSION,
325
						NULL, 0);
326
		tpm_buf_append_u16(&buf, num_bytes);
327
		tpm_buf_fill_hmac_session(chip, &buf);
328
		err = tpm_transmit_cmd(chip, &buf,
329
				       offsetof(struct tpm2_get_random_out,
330
						buffer),
331
				       "attempting get random");
332
		err = tpm_buf_check_hmac_response(chip, &buf, err);
333
		if (err) {
334
			if (err > 0)
335
				err = -EIO;
336
			goto out;
337
		}
338

339
		head = (struct tpm_header *)buf.data;
340
		offset = TPM_HEADER_SIZE;
341
		/* Skip the parameter size field: */
342
		if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
343
			offset += 4;
344

345
		out = (struct tpm2_get_random_out *)&buf.data[offset];
346
		recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
347
		if (tpm_buf_length(&buf) <
348
		    TPM_HEADER_SIZE +
349
		    offsetof(struct tpm2_get_random_out, buffer) +
350
		    recd) {
351
			err = -EFAULT;
352
			goto out;
353
		}
354
		memcpy(dest_ptr, out->buffer, recd);
355

356
		dest_ptr += recd;
357
		total += recd;
358
		num_bytes -= recd;
359
	} while (retries-- && total < max);
360

361
	tpm_buf_destroy(&buf);
362

363
	return total ? total : -EIO;
364
out:
365
	tpm_buf_destroy(&buf);
366
	tpm2_end_auth_session(chip);
367
	return err;
368
}
369

370
/**
371
 * tpm2_flush_context() - execute a TPM2_FlushContext command
372
 * @chip:	TPM chip to use
373
 * @handle:	context handle
374
 */
375
void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
376
{
377
	struct tpm_buf buf;
378
	int rc;
379

380
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
381
	if (rc) {
382
		dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
383
			 handle);
384
		return;
385
	}
386

387
	tpm_buf_append_u32(&buf, handle);
388

389
	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
390
	tpm_buf_destroy(&buf);
391
}
392
EXPORT_SYMBOL_GPL(tpm2_flush_context);
393

394
struct tpm2_get_cap_out {
395
	u8 more_data;
396
	__be32 subcap_id;
397
	__be32 property_cnt;
398
	__be32 property_id;
399
	__be32 value;
400
} __packed;
401

402
/**
403
 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
404
 * @chip:		a &tpm_chip instance
405
 * @property_id:	property ID.
406
 * @value:		output variable.
407
 * @desc:		passed to tpm_transmit_cmd()
408
 *
409
 * Return:
410
 *   0 on success,
411
 *   -errno or a TPM return code otherwise
412
 */
413
ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,  u32 *value,
414
			const char *desc)
415
{
416
	struct tpm2_get_cap_out *out;
417
	struct tpm_buf buf;
418
	int rc;
419

420
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
421
	if (rc)
422
		return rc;
423
	tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
424
	tpm_buf_append_u32(&buf, property_id);
425
	tpm_buf_append_u32(&buf, 1);
426
	rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
427
	if (!rc) {
428
		out = (struct tpm2_get_cap_out *)
429
			&buf.data[TPM_HEADER_SIZE];
430
		/*
431
		 * To prevent failing boot up of some systems, Infineon TPM2.0
432
		 * returns SUCCESS on TPM2_Startup in field upgrade mode. Also
433
		 * the TPM2_Getcapability command returns a zero length list
434
		 * in field upgrade mode.
435
		 */
436
		if (be32_to_cpu(out->property_cnt) > 0)
437
			*value = be32_to_cpu(out->value);
438
		else
439
			rc = -ENODATA;
440
	}
441
	tpm_buf_destroy(&buf);
442
	return rc;
443
}
444
EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
445

446
/**
447
 * tpm2_shutdown() - send a TPM shutdown command
448
 *
449
 * Sends a TPM shutdown command. The shutdown command is used in call
450
 * sites where the system is going down. If it fails, there is not much
451
 * that can be done except print an error message.
452
 *
453
 * @chip:		a &tpm_chip instance
454
 * @shutdown_type:	TPM_SU_CLEAR or TPM_SU_STATE.
455
 */
456
void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
457
{
458
	struct tpm_buf buf;
459
	int rc;
460

461
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN);
462
	if (rc)
463
		return;
464
	tpm_buf_append_u16(&buf, shutdown_type);
465
	tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM");
466
	tpm_buf_destroy(&buf);
467
}
468

469
/**
470
 * tpm2_do_selftest() - ensure that all self tests have passed
471
 *
472
 * @chip: TPM chip to use
473
 *
474
 * Return: Same as with tpm_transmit_cmd.
475
 *
476
 * The TPM can either run all self tests synchronously and then return
477
 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
478
 * asynchronously and return RC_TESTING immediately while the self tests still
479
 * execute in the background. This function handles both cases and waits until
480
 * all tests have completed.
481
 */
482
static int tpm2_do_selftest(struct tpm_chip *chip)
483
{
484
	struct tpm_buf buf;
485
	int full;
486
	int rc;
487

488
	for (full = 0; full < 2; full++) {
489
		rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
490
		if (rc)
491
			return rc;
492

493
		tpm_buf_append_u8(&buf, full);
494
		rc = tpm_transmit_cmd(chip, &buf, 0,
495
				      "attempting the self test");
496
		tpm_buf_destroy(&buf);
497

498
		if (rc == TPM2_RC_TESTING)
499
			rc = TPM2_RC_SUCCESS;
500
		if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
501
			return rc;
502
	}
503

504
	return rc;
505
}
506

507
/**
508
 * tpm2_probe() - probe for the TPM 2.0 protocol
509
 * @chip:	a &tpm_chip instance
510
 *
511
 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the
512
 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by
513
 * this function if this is the case.
514
 *
515
 * Return:
516
 *   0 on success,
517
 *   -errno otherwise
518
 */
519
int tpm2_probe(struct tpm_chip *chip)
520
{
521
	struct tpm_header *out;
522
	struct tpm_buf buf;
523
	int rc;
524

525
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
526
	if (rc)
527
		return rc;
528
	tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
529
	tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS);
530
	tpm_buf_append_u32(&buf, 1);
531
	rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
532
	/* We ignore TPM return codes on purpose. */
533
	if (rc >=  0) {
534
		out = (struct tpm_header *)buf.data;
535
		if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS)
536
			chip->flags |= TPM_CHIP_FLAG_TPM2;
537
	}
538
	tpm_buf_destroy(&buf);
539
	return 0;
540
}
541
EXPORT_SYMBOL_GPL(tpm2_probe);
542

543
static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
544
{
545
	struct tpm_bank_info *bank = chip->allocated_banks + bank_index;
546
	struct tpm_digest digest = { .alg_id = bank->alg_id };
547
	int i;
548

549
	/*
550
	 * Avoid unnecessary PCR read operations to reduce overhead
551
	 * and obtain identifiers of the crypto subsystem.
552
	 */
553
	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
554
		enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
555

556
		if (bank->alg_id != tpm2_hash_map[i].tpm_id)
557
			continue;
558

559
		bank->digest_size = hash_digest_size[crypto_algo];
560
		bank->crypto_id = crypto_algo;
561
		return 0;
562
	}
563

564
	bank->crypto_id = HASH_ALGO__LAST;
565

566
	return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
567
}
568

569
struct tpm2_pcr_selection {
570
	__be16  hash_alg;
571
	u8  size_of_select;
572
	u8  pcr_select[3];
573
} __packed;
574

575
ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
576
{
577
	struct tpm2_pcr_selection pcr_selection;
578
	struct tpm_buf buf;
579
	void *marker;
580
	void *end;
581
	void *pcr_select_offset;
582
	u32 sizeof_pcr_selection;
583
	u32 nr_possible_banks;
584
	u32 nr_alloc_banks = 0;
585
	u16 hash_alg;
586
	u32 rsp_len;
587
	int rc;
588
	int i = 0;
589

590
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
591
	if (rc)
592
		return rc;
593

594
	tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
595
	tpm_buf_append_u32(&buf, 0);
596
	tpm_buf_append_u32(&buf, 1);
597

598
	rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation");
599
	if (rc)
600
		goto out;
601

602
	nr_possible_banks = be32_to_cpup(
603
		(__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
604

605
	chip->allocated_banks = kcalloc(nr_possible_banks,
606
					sizeof(*chip->allocated_banks),
607
					GFP_KERNEL);
608
	if (!chip->allocated_banks) {
609
		rc = -ENOMEM;
610
		goto out;
611
	}
612

613
	marker = &buf.data[TPM_HEADER_SIZE + 9];
614

615
	rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
616
	end = &buf.data[rsp_len];
617

618
	for (i = 0; i < nr_possible_banks; i++) {
619
		pcr_select_offset = marker +
620
			offsetof(struct tpm2_pcr_selection, size_of_select);
621
		if (pcr_select_offset >= end) {
622
			rc = -EFAULT;
623
			break;
624
		}
625

626
		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
627
		hash_alg = be16_to_cpu(pcr_selection.hash_alg);
628

629
		pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0,
630
					       pcr_selection.size_of_select);
631
		if (pcr_select_offset) {
632
			chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg;
633

634
			rc = tpm2_init_bank_info(chip, nr_alloc_banks);
635
			if (rc < 0)
636
				break;
637

638
			nr_alloc_banks++;
639
		}
640

641
		sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
642
			sizeof(pcr_selection.size_of_select) +
643
			pcr_selection.size_of_select;
644
		marker = marker + sizeof_pcr_selection;
645
	}
646

647
	chip->nr_allocated_banks = nr_alloc_banks;
648
out:
649
	tpm_buf_destroy(&buf);
650

651
	return rc;
652
}
653

654
int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
655
{
656
	struct tpm_buf buf;
657
	u32 nr_commands;
658
	__be32 *attrs;
659
	u32 cc;
660
	int i;
661
	int rc;
662

663
	rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
664
	if (rc)
665
		goto out;
666

667
	if (nr_commands > 0xFFFFF) {
668
		rc = -EFAULT;
669
		goto out;
670
	}
671

672
	chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
673
					  GFP_KERNEL);
674
	if (!chip->cc_attrs_tbl) {
675
		rc = -ENOMEM;
676
		goto out;
677
	}
678

679
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
680
	if (rc)
681
		goto out;
682

683
	tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
684
	tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
685
	tpm_buf_append_u32(&buf, nr_commands);
686

687
	rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL);
688
	if (rc) {
689
		tpm_buf_destroy(&buf);
690
		goto out;
691
	}
692

693
	if (nr_commands !=
694
	    be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
695
		rc = -EFAULT;
696
		tpm_buf_destroy(&buf);
697
		goto out;
698
	}
699

700
	chip->nr_commands = nr_commands;
701

702
	attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
703
	for (i = 0; i < nr_commands; i++, attrs++) {
704
		chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
705
		cc = chip->cc_attrs_tbl[i] & 0xFFFF;
706

707
		if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
708
			chip->cc_attrs_tbl[i] &=
709
				~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
710
			chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
711
		}
712
	}
713

714
	tpm_buf_destroy(&buf);
715

716
out:
717
	if (rc > 0)
718
		rc = -ENODEV;
719
	return rc;
720
}
721
EXPORT_SYMBOL_GPL(tpm2_get_cc_attrs_tbl);
722

723
/**
724
 * tpm2_startup - turn on the TPM
725
 * @chip: TPM chip to use
726
 *
727
 * Normally the firmware should start the TPM. This function is provided as a
728
 * workaround if this does not happen. A legal case for this could be for
729
 * example when a TPM emulator is used.
730
 *
731
 * Return: same as tpm_transmit_cmd()
732
 */
733

734
static int tpm2_startup(struct tpm_chip *chip)
735
{
736
	struct tpm_buf buf;
737
	int rc;
738

739
	dev_info(&chip->dev, "starting up the TPM manually\n");
740

741
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP);
742
	if (rc < 0)
743
		return rc;
744

745
	tpm_buf_append_u16(&buf, TPM2_SU_CLEAR);
746
	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
747
	tpm_buf_destroy(&buf);
748

749
	return rc;
750
}
751

752
/**
753
 * tpm2_auto_startup - Perform the standard automatic TPM initialization
754
 *                     sequence
755
 * @chip: TPM chip to use
756
 *
757
 * Returns 0 on success, < 0 in case of fatal error.
758
 */
759
int tpm2_auto_startup(struct tpm_chip *chip)
760
{
761
	int rc;
762

763
	rc = tpm2_get_timeouts(chip);
764
	if (rc)
765
		goto out;
766

767
	rc = tpm2_do_selftest(chip);
768
	if (rc && rc != TPM2_RC_INITIALIZE)
769
		goto out;
770

771
	if (rc == TPM2_RC_INITIALIZE) {
772
		rc = tpm2_startup(chip);
773
		if (rc)
774
			goto out;
775

776
		rc = tpm2_do_selftest(chip);
777
		if (rc)
778
			goto out;
779
	}
780

781
	rc = tpm2_get_cc_attrs_tbl(chip);
782
	if (rc == TPM2_RC_FAILURE || (rc < 0 && rc != -ENOMEM)) {
783
		dev_info(&chip->dev,
784
			 "TPM in field failure mode, requires firmware upgrade\n");
785
		chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
786
		rc = 0;
787
	}
788

789
	if (rc)
790
		goto out;
791

792
	rc = tpm2_sessions_init(chip);
793

794
out:
795
	/*
796
	 * Infineon TPM in field upgrade mode will return no data for the number
797
	 * of supported commands.
798
	 */
799
	if (rc == TPM2_RC_UPGRADE || rc == -ENODATA) {
800
		dev_info(&chip->dev, "TPM in field upgrade mode, requires firmware upgrade\n");
801
		chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
802
		rc = 0;
803
	}
804

805
	if (rc > 0)
806
		rc = -ENODEV;
807
	return rc;
808
}
809

810
int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
811
{
812
	u32 cc_mask;
813
	int i;
814

815
	cc_mask = 1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0);
816
	for (i = 0; i < chip->nr_commands; i++)
817
		if (cc == (chip->cc_attrs_tbl[i] & cc_mask))
818
			return i;
819

820
	return -1;
821
}
822

823