1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Copyright (C) 2014, 2015 Intel Corporation
4
 *
5
 * Authors:
6
 * Jarkko Sakkinen <[email protected]>
7
 *
8
 * Maintained by: <[email protected]>
9
 *
10
 * This file contains TPM2 protocol implementations of the commands
11
 * used by the kernel internally.
12
 */
13

14
#include "linux/dev_printk.h"
15
#include "linux/tpm.h"
16
#include "tpm.h"
17
#include <crypto/hash_info.h>
18
#include <linux/unaligned.h>
19

20
static bool disable_pcr_integrity;
21
module_param(disable_pcr_integrity, bool, 0444);
22
MODULE_PARM_DESC(disable_pcr_integrity, "Disable integrity protection of TPM2_PCR_Extend");
23

24
struct tpm2_hash tpm2_hash_map[] = {
25
	{HASH_ALGO_SHA1, TPM_ALG_SHA1},
26
	{HASH_ALGO_SHA256, TPM_ALG_SHA256},
27
	{HASH_ALGO_SHA384, TPM_ALG_SHA384},
28
	{HASH_ALGO_SHA512, TPM_ALG_SHA512},
29
	{HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
30
};
31

32
int tpm2_find_hash_alg(unsigned int crypto_id)
33
{
34
	int i;
35

36
	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++)
37
		if (crypto_id == tpm2_hash_map[i].crypto_id)
38
			return tpm2_hash_map[i].tpm_id;
39

40
	return -EINVAL;
41
}
42
EXPORT_SYMBOL_GPL(tpm2_find_hash_alg);
43

44
int tpm2_get_timeouts(struct tpm_chip *chip)
45
{
46
	chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
47
	chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
48
	chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
49
	chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
50
	chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
51
	return 0;
52
}
53

54
/*
55
 * Contains the maximum durations in milliseconds for TPM2 commands.
56
 */
57
static const struct {
58
	unsigned long ordinal;
59
	unsigned long duration;
60
} tpm2_ordinal_duration_map[] = {
61
	{TPM2_CC_STARTUP, 750},
62
	{TPM2_CC_SELF_TEST, 3000},
63
	{TPM2_CC_GET_RANDOM, 2000},
64
	{TPM2_CC_SEQUENCE_UPDATE, 750},
65
	{TPM2_CC_SEQUENCE_COMPLETE, 750},
66
	{TPM2_CC_EVENT_SEQUENCE_COMPLETE, 750},
67
	{TPM2_CC_HASH_SEQUENCE_START, 750},
68
	{TPM2_CC_VERIFY_SIGNATURE, 30000},
69
	{TPM2_CC_PCR_EXTEND, 750},
70
	{TPM2_CC_HIERARCHY_CONTROL, 2000},
71
	{TPM2_CC_HIERARCHY_CHANGE_AUTH, 2000},
72
	{TPM2_CC_GET_CAPABILITY, 750},
73
	{TPM2_CC_NV_READ, 2000},
74
	{TPM2_CC_CREATE_PRIMARY, 30000},
75
	{TPM2_CC_CREATE, 30000},
76
	{TPM2_CC_CREATE_LOADED, 30000},
77
};
78

79
/**
80
 * tpm2_calc_ordinal_duration() - Calculate the maximum command duration
81
 * @ordinal: TPM command ordinal.
82
 *
83
 * Returns the maximum amount of time the chip is expected by kernel to
84
 * take in jiffies.
85
 */
86
unsigned long tpm2_calc_ordinal_duration(u32 ordinal)
87
{
88
	int i;
89

90
	for (i = 0; i < ARRAY_SIZE(tpm2_ordinal_duration_map); i++)
91
		if (ordinal == tpm2_ordinal_duration_map[i].ordinal)
92
			return msecs_to_jiffies(tpm2_ordinal_duration_map[i].duration);
93

94
	return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
95
}
96

97
struct tpm2_pcr_read_out {
98
	__be32	update_cnt;
99
	__be32	pcr_selects_cnt;
100
	__be16	hash_alg;
101
	u8	pcr_select_size;
102
	u8	pcr_select[TPM2_PCR_SELECT_MIN];
103
	__be32	digests_cnt;
104
	__be16	digest_size;
105
	u8	digest[];
106
} __packed;
107

108
/**
109
 * tpm2_pcr_read() - read a PCR value
110
 * @chip:	TPM chip to use.
111
 * @pcr_idx:	index of the PCR to read.
112
 * @digest:	PCR bank and buffer current PCR value is written to.
113
 * @digest_size_ptr:	pointer to variable that stores the digest size.
114
 *
115
 * Return: Same as with tpm_transmit_cmd.
116
 */
117
int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
118
		  struct tpm_digest *digest, u16 *digest_size_ptr)
119
{
120
	int i;
121
	int rc;
122
	struct tpm_buf buf;
123
	struct tpm2_pcr_read_out *out;
124
	u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
125
	u16 digest_size;
126
	u16 expected_digest_size = 0;
127

128
	if (pcr_idx >= TPM2_PLATFORM_PCR)
129
		return -EINVAL;
130

131
	if (!digest_size_ptr) {
132
		for (i = 0; i < chip->nr_allocated_banks &&
133
		     chip->allocated_banks[i].alg_id != digest->alg_id; i++)
134
			;
135

136
		if (i == chip->nr_allocated_banks)
137
			return -EINVAL;
138

139
		expected_digest_size = chip->allocated_banks[i].digest_size;
140
	}
141

142
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
143
	if (rc)
144
		return rc;
145

146
	pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
147

148
	tpm_buf_append_u32(&buf, 1);
149
	tpm_buf_append_u16(&buf, digest->alg_id);
150
	tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
151
	tpm_buf_append(&buf, (const unsigned char *)pcr_select,
152
		       sizeof(pcr_select));
153

154
	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value");
155
	if (rc)
156
		goto out;
157

158
	out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
159
	digest_size = be16_to_cpu(out->digest_size);
160
	if (digest_size > sizeof(digest->digest) ||
161
	    (!digest_size_ptr && digest_size != expected_digest_size)) {
162
		rc = -EINVAL;
163
		goto out;
164
	}
165

166
	if (digest_size_ptr)
167
		*digest_size_ptr = digest_size;
168

169
	memcpy(digest->digest, out->digest, digest_size);
170
out:
171
	tpm_buf_destroy(&buf);
172
	return rc;
173
}
174

175
/**
176
 * tpm2_pcr_extend() - extend a PCR value
177
 *
178
 * @chip:	TPM chip to use.
179
 * @pcr_idx:	index of the PCR.
180
 * @digests:	list of pcr banks and corresponding digest values to extend.
181
 *
182
 * Return: Same as with tpm_transmit_cmd.
183
 */
184
int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
185
		    struct tpm_digest *digests)
186
{
187
	struct tpm_buf buf;
188
	int rc;
189
	int i;
190

191
	if (!disable_pcr_integrity) {
192
		rc = tpm2_start_auth_session(chip);
193
		if (rc)
194
			return rc;
195
	}
196

197
	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
198
	if (rc) {
199
		if (!disable_pcr_integrity)
200
			tpm2_end_auth_session(chip);
201
		return rc;
202
	}
203

204
	if (!disable_pcr_integrity) {
205
		rc = tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
206
		if (rc) {
207
			tpm_buf_destroy(&buf);
208
			return rc;
209
		}
210
		tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
211
	} else {
212
		tpm_buf_append_handle(chip, &buf, pcr_idx);
213
		tpm_buf_append_auth(chip, &buf, NULL, 0);
214
	}
215

216
	tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
217

218
	for (i = 0; i < chip->nr_allocated_banks; i++) {
219
		tpm_buf_append_u16(&buf, digests[i].alg_id);
220
		tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest,
221
			       chip->allocated_banks[i].digest_size);
222
	}
223

224
	if (!disable_pcr_integrity) {
225
		rc = tpm_buf_fill_hmac_session(chip, &buf);
226
		if (rc) {
227
			tpm_buf_destroy(&buf);
228
			return rc;
229
		}
230
	}
231

232
	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
233
	if (!disable_pcr_integrity)
234
		rc = tpm_buf_check_hmac_response(chip, &buf, rc);
235

236
	tpm_buf_destroy(&buf);
237

238
	return rc;
239
}
240

241
struct tpm2_get_random_out {
242
	__be16 size;
243
	u8 buffer[TPM_MAX_RNG_DATA];
244
} __packed;
245

246
/**
247
 * tpm2_get_random() - get random bytes from the TPM RNG
248
 *
249
 * @chip:	a &tpm_chip instance
250
 * @dest:	destination buffer
251
 * @max:	the max number of random bytes to pull
252
 *
253
 * Return:
254
 *   size of the buffer on success,
255
 *   -errno otherwise (positive TPM return codes are masked to -EIO)
256
 */
257
int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
258
{
259
	struct tpm2_get_random_out *out;
260
	struct tpm_header *head;
261
	struct tpm_buf buf;
262
	u32 recd;
263
	u32 num_bytes = max;
264
	int err;
265
	int total = 0;
266
	int retries = 5;
267
	u8 *dest_ptr = dest;
268
	off_t offset;
269

270
	if (!num_bytes || max > TPM_MAX_RNG_DATA)
271
		return -EINVAL;
272

273
	err = tpm2_start_auth_session(chip);
274
	if (err)
275
		return err;
276

277
	err = tpm_buf_init(&buf, 0, 0);
278
	if (err) {
279
		tpm2_end_auth_session(chip);
280
		return err;
281
	}
282

283
	do {
284
		tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
285
		if (tpm2_chip_auth(chip)) {
286
			tpm_buf_append_hmac_session(chip, &buf,
287
						    TPM2_SA_ENCRYPT |
288
						    TPM2_SA_CONTINUE_SESSION,
289
						    NULL, 0);
290
		} else  {
291
			offset = buf.handles * 4 + TPM_HEADER_SIZE;
292
			head = (struct tpm_header *)buf.data;
293
			if (tpm_buf_length(&buf) == offset)
294
				head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
295
		}
296
		tpm_buf_append_u16(&buf, num_bytes);
297
		err = tpm_buf_fill_hmac_session(chip, &buf);
298
		if (err) {
299
			tpm_buf_destroy(&buf);
300
			return err;
301
		}
302

303
		err = tpm_transmit_cmd(chip, &buf,
304
				       offsetof(struct tpm2_get_random_out,
305
						buffer),
306
				       "attempting get random");
307
		err = tpm_buf_check_hmac_response(chip, &buf, err);
308
		if (err) {
309
			if (err > 0)
310
				err = -EIO;
311
			goto out;
312
		}
313

314
		head = (struct tpm_header *)buf.data;
315
		offset = TPM_HEADER_SIZE;
316
		/* Skip the parameter size field: */
317
		if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
318
			offset += 4;
319

320
		out = (struct tpm2_get_random_out *)&buf.data[offset];
321
		recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
322
		if (tpm_buf_length(&buf) <
323
		    TPM_HEADER_SIZE +
324
		    offsetof(struct tpm2_get_random_out, buffer) +
325
		    recd) {
326
			err = -EFAULT;
327
			goto out;
328
		}
329
		memcpy(dest_ptr, out->buffer, recd);
330

331
		dest_ptr += recd;
332
		total += recd;
333
		num_bytes -= recd;
334
	} while (retries-- && total < max);
335

336
	tpm_buf_destroy(&buf);
337

338
	return total ? total : -EIO;
339
out:
340
	tpm_buf_destroy(&buf);
341
	tpm2_end_auth_session(chip);
342
	return err;
343
}
344

345
/**
346
 * tpm2_flush_context() - execute a TPM2_FlushContext command
347
 * @chip:	TPM chip to use
348
 * @handle:	context handle
349
 */
350
void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
351
{
352
	struct tpm_buf buf;
353
	int rc;
354

355
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
356
	if (rc) {
357
		dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
358
			 handle);
359
		return;
360
	}
361

362
	tpm_buf_append_u32(&buf, handle);
363

364
	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
365
	tpm_buf_destroy(&buf);
366
}
367
EXPORT_SYMBOL_GPL(tpm2_flush_context);
368

369
struct tpm2_get_cap_out {
370
	u8 more_data;
371
	__be32 subcap_id;
372
	__be32 property_cnt;
373
	__be32 property_id;
374
	__be32 value;
375
} __packed;
376

377
/**
378
 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
379
 * @chip:		a &tpm_chip instance
380
 * @property_id:	property ID.
381
 * @value:		output variable.
382
 * @desc:		passed to tpm_transmit_cmd()
383
 *
384
 * Return:
385
 *   0 on success,
386
 *   -errno or a TPM return code otherwise
387
 */
388
ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,  u32 *value,
389
			const char *desc)
390
{
391
	struct tpm2_get_cap_out *out;
392
	struct tpm_buf buf;
393
	int rc;
394

395
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
396
	if (rc)
397
		return rc;
398
	tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
399
	tpm_buf_append_u32(&buf, property_id);
400
	tpm_buf_append_u32(&buf, 1);
401
	rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
402
	if (!rc) {
403
		out = (struct tpm2_get_cap_out *)
404
			&buf.data[TPM_HEADER_SIZE];
405
		/*
406
		 * To prevent failing boot up of some systems, Infineon TPM2.0
407
		 * returns SUCCESS on TPM2_Startup in field upgrade mode. Also
408
		 * the TPM2_Getcapability command returns a zero length list
409
		 * in field upgrade mode.
410
		 */
411
		if (be32_to_cpu(out->property_cnt) > 0)
412
			*value = be32_to_cpu(out->value);
413
		else
414
			rc = -ENODATA;
415
	}
416
	tpm_buf_destroy(&buf);
417
	return rc;
418
}
419
EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
420

421
/**
422
 * tpm2_shutdown() - send a TPM shutdown command
423
 *
424
 * Sends a TPM shutdown command. The shutdown command is used in call
425
 * sites where the system is going down. If it fails, there is not much
426
 * that can be done except print an error message.
427
 *
428
 * @chip:		a &tpm_chip instance
429
 * @shutdown_type:	TPM_SU_CLEAR or TPM_SU_STATE.
430
 */
431
void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
432
{
433
	struct tpm_buf buf;
434
	int rc;
435

436
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN);
437
	if (rc)
438
		return;
439
	tpm_buf_append_u16(&buf, shutdown_type);
440
	tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM");
441
	tpm_buf_destroy(&buf);
442
}
443

444
/**
445
 * tpm2_do_selftest() - ensure that all self tests have passed
446
 *
447
 * @chip: TPM chip to use
448
 *
449
 * Return: Same as with tpm_transmit_cmd.
450
 *
451
 * The TPM can either run all self tests synchronously and then return
452
 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
453
 * asynchronously and return RC_TESTING immediately while the self tests still
454
 * execute in the background. This function handles both cases and waits until
455
 * all tests have completed.
456
 */
457
static int tpm2_do_selftest(struct tpm_chip *chip)
458
{
459
	struct tpm_buf buf;
460
	int full;
461
	int rc;
462

463
	for (full = 0; full < 2; full++) {
464
		rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
465
		if (rc)
466
			return rc;
467

468
		tpm_buf_append_u8(&buf, full);
469
		rc = tpm_transmit_cmd(chip, &buf, 0,
470
				      "attempting the self test");
471
		tpm_buf_destroy(&buf);
472

473
		if (rc == TPM2_RC_TESTING)
474
			rc = TPM2_RC_SUCCESS;
475
		if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
476
			return rc;
477
	}
478

479
	return rc;
480
}
481

482
/**
483
 * tpm2_probe() - probe for the TPM 2.0 protocol
484
 * @chip:	a &tpm_chip instance
485
 *
486
 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the
487
 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by
488
 * this function if this is the case.
489
 *
490
 * Return:
491
 *   0 on success,
492
 *   -errno otherwise
493
 */
494
int tpm2_probe(struct tpm_chip *chip)
495
{
496
	struct tpm_header *out;
497
	struct tpm_buf buf;
498
	int rc;
499

500
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
501
	if (rc)
502
		return rc;
503
	tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
504
	tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS);
505
	tpm_buf_append_u32(&buf, 1);
506
	rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
507
	/* We ignore TPM return codes on purpose. */
508
	if (rc >=  0) {
509
		out = (struct tpm_header *)buf.data;
510
		if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS)
511
			chip->flags |= TPM_CHIP_FLAG_TPM2;
512
	}
513
	tpm_buf_destroy(&buf);
514
	return 0;
515
}
516
EXPORT_SYMBOL_GPL(tpm2_probe);
517

518
static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
519
{
520
	struct tpm_bank_info *bank = chip->allocated_banks + bank_index;
521
	struct tpm_digest digest = { .alg_id = bank->alg_id };
522
	int i;
523

524
	/*
525
	 * Avoid unnecessary PCR read operations to reduce overhead
526
	 * and obtain identifiers of the crypto subsystem.
527
	 */
528
	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
529
		enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
530

531
		if (bank->alg_id != tpm2_hash_map[i].tpm_id)
532
			continue;
533

534
		bank->digest_size = hash_digest_size[crypto_algo];
535
		bank->crypto_id = crypto_algo;
536
		return 0;
537
	}
538

539
	bank->crypto_id = HASH_ALGO__LAST;
540

541
	return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
542
}
543

544
struct tpm2_pcr_selection {
545
	__be16  hash_alg;
546
	u8  size_of_select;
547
	u8  pcr_select[3];
548
} __packed;
549

550
ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
551
{
552
	struct tpm2_pcr_selection pcr_selection;
553
	struct tpm_buf buf;
554
	void *marker;
555
	void *end;
556
	void *pcr_select_offset;
557
	u32 sizeof_pcr_selection;
558
	u32 nr_possible_banks;
559
	u32 nr_alloc_banks = 0;
560
	u16 hash_alg;
561
	u32 rsp_len;
562
	int rc;
563
	int i = 0;
564

565
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
566
	if (rc)
567
		return rc;
568

569
	tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
570
	tpm_buf_append_u32(&buf, 0);
571
	tpm_buf_append_u32(&buf, 1);
572

573
	rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation");
574
	if (rc)
575
		goto out;
576

577
	nr_possible_banks = be32_to_cpup(
578
		(__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
579
	if (nr_possible_banks > TPM2_MAX_PCR_BANKS) {
580
		pr_err("tpm: out of bank capacity: %u > %u\n",
581
		       nr_possible_banks, TPM2_MAX_PCR_BANKS);
582
		rc = -ENOMEM;
583
		goto out;
584
	}
585

586
	marker = &buf.data[TPM_HEADER_SIZE + 9];
587

588
	rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
589
	end = &buf.data[rsp_len];
590

591
	for (i = 0; i < nr_possible_banks; i++) {
592
		pcr_select_offset = marker +
593
			offsetof(struct tpm2_pcr_selection, size_of_select);
594
		if (pcr_select_offset >= end) {
595
			rc = -EFAULT;
596
			break;
597
		}
598

599
		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
600
		hash_alg = be16_to_cpu(pcr_selection.hash_alg);
601

602
		pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0,
603
					       pcr_selection.size_of_select);
604
		if (pcr_select_offset) {
605
			chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg;
606

607
			rc = tpm2_init_bank_info(chip, nr_alloc_banks);
608
			if (rc < 0)
609
				break;
610

611
			nr_alloc_banks++;
612
		}
613

614
		sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
615
			sizeof(pcr_selection.size_of_select) +
616
			pcr_selection.size_of_select;
617
		marker = marker + sizeof_pcr_selection;
618
	}
619

620
	chip->nr_allocated_banks = nr_alloc_banks;
621
out:
622
	tpm_buf_destroy(&buf);
623

624
	return rc;
625
}
626

627
int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
628
{
629
	struct tpm_buf buf;
630
	u32 nr_commands;
631
	__be32 *attrs;
632
	u32 cc;
633
	int i;
634
	int rc;
635

636
	rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
637
	if (rc)
638
		goto out;
639

640
	if (nr_commands > 0xFFFFF) {
641
		rc = -EFAULT;
642
		goto out;
643
	}
644

645
	chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
646
					  GFP_KERNEL);
647
	if (!chip->cc_attrs_tbl) {
648
		rc = -ENOMEM;
649
		goto out;
650
	}
651

652
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
653
	if (rc)
654
		goto out;
655

656
	tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
657
	tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
658
	tpm_buf_append_u32(&buf, nr_commands);
659

660
	rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL);
661
	if (rc) {
662
		tpm_buf_destroy(&buf);
663
		goto out;
664
	}
665

666
	if (nr_commands !=
667
	    be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
668
		rc = -EFAULT;
669
		tpm_buf_destroy(&buf);
670
		goto out;
671
	}
672

673
	chip->nr_commands = nr_commands;
674

675
	attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
676
	for (i = 0; i < nr_commands; i++, attrs++) {
677
		chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
678
		cc = chip->cc_attrs_tbl[i] & 0xFFFF;
679

680
		if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
681
			chip->cc_attrs_tbl[i] &=
682
				~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
683
			chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
684
		}
685
	}
686

687
	tpm_buf_destroy(&buf);
688

689
out:
690
	if (rc > 0)
691
		rc = -ENODEV;
692
	return rc;
693
}
694
EXPORT_SYMBOL_GPL(tpm2_get_cc_attrs_tbl);
695

696
/**
697
 * tpm2_startup - turn on the TPM
698
 * @chip: TPM chip to use
699
 *
700
 * Normally the firmware should start the TPM. This function is provided as a
701
 * workaround if this does not happen. A legal case for this could be for
702
 * example when a TPM emulator is used.
703
 *
704
 * Return: same as tpm_transmit_cmd()
705
 */
706

707
static int tpm2_startup(struct tpm_chip *chip)
708
{
709
	struct tpm_buf buf;
710
	int rc;
711

712
	dev_info(&chip->dev, "starting up the TPM manually\n");
713

714
	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP);
715
	if (rc < 0)
716
		return rc;
717

718
	tpm_buf_append_u16(&buf, TPM2_SU_CLEAR);
719
	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
720
	tpm_buf_destroy(&buf);
721

722
	return rc;
723
}
724

725
/**
726
 * tpm2_auto_startup - Perform the standard automatic TPM initialization
727
 *                     sequence
728
 * @chip: TPM chip to use
729
 *
730
 * Returns 0 on success, < 0 in case of fatal error.
731
 */
732
int tpm2_auto_startup(struct tpm_chip *chip)
733
{
734
	int rc;
735

736
	rc = tpm2_get_timeouts(chip);
737
	if (rc)
738
		goto out;
739

740
	rc = tpm2_do_selftest(chip);
741
	if (rc && rc != TPM2_RC_INITIALIZE)
742
		goto out;
743

744
	if (rc == TPM2_RC_INITIALIZE) {
745
		rc = tpm2_startup(chip);
746
		if (rc)
747
			goto out;
748

749
		rc = tpm2_do_selftest(chip);
750
		if (rc)
751
			goto out;
752
	}
753

754
	rc = tpm2_get_cc_attrs_tbl(chip);
755
	if (rc == TPM2_RC_FAILURE || (rc < 0 && rc != -ENOMEM)) {
756
		dev_info(&chip->dev,
757
			 "TPM in field failure mode, requires firmware upgrade\n");
758
		chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
759
		rc = 0;
760
	}
761

762
	if (rc)
763
		goto out;
764

765
	rc = tpm2_sessions_init(chip);
766

767
out:
768
	/*
769
	 * Infineon TPM in field upgrade mode will return no data for the number
770
	 * of supported commands.
771
	 */
772
	if (rc == TPM2_RC_UPGRADE || rc == -ENODATA) {
773
		dev_info(&chip->dev, "TPM in field upgrade mode, requires firmware upgrade\n");
774
		chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
775
		rc = 0;
776
	}
777

778
	if (rc > 0)
779
		rc = -ENODEV;
780
	return rc;
781
}
782

783
int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
784
{
785
	u32 cc_mask;
786
	int i;
787

788
	cc_mask = 1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0);
789
	for (i = 0; i < chip->nr_commands; i++)
790
		if (cc == (chip->cc_attrs_tbl[i] & cc_mask))
791
			return i;
792

793
	return -1;
794
}
795

796