[tpmdd-devel] [PATCH] tpm_crb: check for bad response size

2017-03-10 Thread Jerry Snitselaar
Make sure the size of the response buffer is at least 6 bytes, or
we will underflow and pass a large size_t to memcpy_fromio().
This was encountered while testing an earlier version of the
locality patchset.

Fixes: 30fc8d138e912 ("tpm: TPM 2.0 CRB Interface")
Signed-off-by: Jerry Snitselaar 
---
 drivers/char/tpm/tpm_crb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index 89dc8a176ff1..cda4f312d1c9 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -236,7 +236,7 @@ static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t 
count)
 
memcpy_fromio(buf, priv->rsp, 6);
expected = be32_to_cpup((__be32 *) [2]);
-   if (expected > count)
+   if (expected > count || expected < 6)
return -EIO;
 
memcpy_fromio([6], >rsp[6], expected - 6);
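Review bot: The added `expected < 6` bound in crb_recv only stops the `expected - 6` subtraction from wrapping; a device-reported length of 6 to 9 still passes even though a TPM response header (tag, size, return code) is 10 bytes, so the caller can be handed a response shorter than a full header. Comparing against the driver's header-size constant, e.g. `if (expected > count || expected < TPM_HEADER_SIZE)`, would reject those as well, assuming that constant is in scope in this file. The literal 6 appears three times in these lines and deserves a name or a comment saying it covers the tag plus the length field. crb_recv starts and ends outside the hunk, so whether `count` itself is checked before the first 6-byte copy cannot be confirmed from here.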
-- 
2.11.0.258.ge05806da9




Re: [tpmdd-devel] [PATCH] tpm_crb: request and relinquish locality 0

2017-03-10 Thread Jason Gunthorpe
On Sat, Mar 11, 2017 at 01:58:00AM +0200, Jarkko Sakkinen wrote:
> Added two new callbacks to struct tpm_class_ops:
> 
> - request_locality
> - relinquish_locality
> 
> These are called before sending and receiving data from the TPM.

If we are going to add new ops, I think we should also adjust the
existing drivers to use this mechanism as well?

eg tis just calls its request_locality as the first thing in send..

Jason



[tpmdd-devel] [PATCH] tpm_crb: request and relinquish locality 0

2017-03-10 Thread Jarkko Sakkinen
Added two new callbacks to struct tpm_class_ops:

- request_locality
- relinquish_locality

These are called before sending and receiving data from the TPM.

Signed-off-by: Jarkko Sakkinen 
---
 drivers/char/tpm/tpm-interface.c |  9 +
 drivers/char/tpm/tpm_crb.c   | 41 +++-
 include/linux/tpm.h  |  3 ++-
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index bd2128e..ae6aafa 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -369,6 +369,12 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const u8 *buf, 
size_t bufsiz,
if (chip->dev.parent)
pm_runtime_get_sync(chip->dev.parent);
 
+   if (chip->ops->request_locality)  {
+   rc = chip->ops->request_locality(chip);
+   if (rc)
+   goto out;
+   }
+
rc = chip->ops->send(chip, (u8 *) buf, count);
if (rc < 0) {
dev_err(>dev,
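Review bot: When `request_locality` fails, the `goto out` added here lands on the `out:` label where the second tpm-interface.c hunk calls `relinquish_locality`, so the core asks the driver to relinquish a locality it was never granted. A separate label placed after the relinquish call, e.g. `goto out_no_locality;` with `out_no_locality:` just before the `pm_runtime_put_sync()` block, keeps request and relinquish paired. The existing send and receive error paths should keep jumping to `out:`, since by then the locality is held. tpm_transmit begins and ends outside both hunks.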
@@ -410,6 +416,9 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const u8 *buf, 
size_t bufsiz,
dev_err(>dev,
"tpm_transmit: tpm_recv: error %zd\n", rc);
 out:
+   if (chip->ops->relinquish_locality)
+   chip->ops->relinquish_locality(chip);
+
if (chip->dev.parent)
pm_runtime_put_sync(chip->dev.parent);
 
diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index 3245618..89dc8a176 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -34,6 +34,15 @@ enum crb_defaults {
CRB_ACPI_START_INDEX = 1,
 };
 
+enum crb_loc_ctrl {
+   CRB_LOC_CTRL_REQUEST_ACCESS = BIT(0),
+   CRB_LOC_CTRL_RELINQUISH = BIT(1),
+};
+
+enum crb_loc_state {
+   CRB_LOC_STATE_LOC_ASSIGNED  = BIT(1),
+};
+
 enum crb_ctrl_req {
CRB_CTRL_REQ_CMD_READY  = BIT(0),
CRB_CTRL_REQ_GO_IDLE= BIT(1),
@@ -172,6 +181,35 @@ static int __maybe_unused crb_cmd_ready(struct device *dev,
return 0;
 }
 
+static int crb_request_locality(struct tpm_chip *chip)
+{
+   struct crb_priv *priv = dev_get_drvdata(>dev);
+
+   if (!priv->regs_h)
+   return 0;
+
+   iowrite32(CRB_LOC_CTRL_REQUEST_ACCESS, >regs_h->loc_ctrl);
+   if (!crb_wait_for_reg_32(>regs_h->loc_state,
+CRB_LOC_STATE_LOC_ASSIGNED, /* mask */
+CRB_LOC_STATE_LOC_ASSIGNED, /* value */
+TPM2_TIMEOUT_C)) {
+   dev_warn(>dev, "TPM_LOC_STATE_x.requestAccess timed 
out\n");
+   return -ETIME;
+   }
+
+   return 0;
+}
+
+static void crb_relinquish_locality(struct tpm_chip *chip)
+{
+   struct crb_priv *priv = dev_get_drvdata(>dev);
+
+   if (!priv->regs_h)
+   return;
+
+   iowrite32(CRB_LOC_CTRL_RELINQUISH, >regs_h->loc_ctrl);
+}
+
 static u8 crb_status(struct tpm_chip *chip)
 {
struct crb_priv *priv = dev_get_drvdata(>dev);
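Review bot: crb_request_locality waits only for `CRB_LOC_STATE_LOC_ASSIGNED`, so it reports success as soon as any locality is assigned; if the locality state register also reports which locality is active and whether its contents are valid (as the TCG CRB register layout suggests, though this patch does not show it), those bits belong in the mask and value passed to `crb_wait_for_reg_32()`. Both new functions return early when `priv->regs_h` is NULL, and a one-line comment such as `/* no locality registers mapped: nothing to request */` would explain why that counts as success. The warning text names `TPM_LOC_STATE_x.requestAccess` while the register actually written is `loc_ctrl`, which will mislead whoever reads the log.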
@@ -198,7 +236,6 @@ static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t 
count)
 
memcpy_fromio(buf, priv->rsp, 6);
expected = be32_to_cpup((__be32 *) [2]);
-
if (expected > count)
return -EIO;
 
@@ -279,6 +316,8 @@ static const struct tpm_class_ops tpm_crb = {
.send = crb_send,
.cancel = crb_cancel,
.req_canceled = crb_req_canceled,
+   .request_locality = crb_request_locality,
+   .relinquish_locality = crb_relinquish_locality,
.req_complete_mask = CRB_DRV_STS_COMPLETE,
.req_complete_val = CRB_DRV_STS_COMPLETE,
 };
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index da158f0..0ac6ea6 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -48,7 +48,8 @@ struct tpm_class_ops {
u8 (*status) (struct tpm_chip *chip);
bool (*update_timeouts)(struct tpm_chip *chip,
unsigned long *timeout_cap);
-
+   int (*request_locality)(struct tpm_chip *chip);
+   void (*relinquish_locality)(struct tpm_chip *chip);
 };
 
 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
-- 
2.9.3




Re: [tpmdd-devel] Support for Crypto Agile format in IMA

2017-03-10 Thread Mimi Zohar
On Fri, 2017-03-10 at 17:28 +0100, Roberto Sassu wrote:
> On 3/10/2017 4:36 PM, Ken Goldman wrote:
> > It's not a TCG standard, just a way of making sure the unused PCR bank
> > doesn't remain at zero, permitting forged measurements.
> >
> > As for the verifier, I ignore the bank I'm not interested in.  I don't
> > verify the truncated/padded bank.
> 
> Truncated/padded digests are needed, if after kexec different banks
> can be selected.

Right.  In our use case scenario, the initial Linux is Petitboot, a boot
loader, while the kexec'ed kernel image can be a distro or custom image.

Mimi
 
> This issue does not arise if all banks are extended only once,
> during IMA initialization. All digests should be passed to a new
> function defined in the TPM driver.
> 
> Roberto




[tpmdd-devel] [PATCH v1 1/2] tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver

2017-03-10 Thread Nayna Jain
Commit 500462a9de65 "timers: Switch to a non-cascading wheel" replaced
the 'classic' timer wheel, which aimed for near 'exact' expiry of the
timers.  Their analysis was that the vast majority of timeout timers
are used as safeguards, not as real timers, and are cancelled or
rearmed before expiration.  The only exception noted to this were
networking timers with a small expiry time.

Not included in the analysis was the TPM polling timer, which resulted
in a longer normal delay and, every so often, a very long delay.  The
non-cascading wheel delay is based on CONFIG_HZ.  For a description of
the different rings and their delays, refer to the comments in
kernel/time/timer.c.

Below are the delays given for rings 0 - 2, which explains the longer
"normal" delays and the very, long delays as seen on systems with
CONFIG_HZ 250.

* HZ 1000 steps
 * Level Offset  Granularity            Range
 *  0      0         1 ms                0 ms - 63 ms
 *  1     64         8 ms               64 ms - 511 ms
 *  2    128        64 ms              512 ms - 4095 ms (512ms - ~4s)

* HZ  250
 * Level Offset  Granularity            Range
 *  0      0         4 ms                0 ms - 255 ms
 *  1     64        32 ms              256 ms - 2047 ms (256ms - ~2s)
 *  2    128       256 ms             2048 ms - 16383 ms (~2s - ~16s)

Below is a comparison of extending the TPM with 1000 measurements,
using msleep() vs. usleep_range() when configured for 1000 hz vs. 250
hz, before and after commit 500462a9de65.

           linux-4.7        | msleep()          usleep_range()
1000 hz:   0m44.628s        | 1m34.497s         29.243s
 250 hz:   1m28.510s        | 4m49.269s         32.386s

           linux-4.7        | min-max (msleep)  min-max (usleep_range)
1000 hz:   0:017 - 2:760s   | 0:015 - 3:967s    0:014 - 0:418s
 250 hz:   0:028 - 1:954s   | 0:040 - 4:096s    0:016 - 0:816s

This patch replaces the msleep() with usleep_range() calls in the
i2c nuvoton driver with a consistent max range value.

Signed-of-by: Mimi Zohar 
Cc: sta...@vger.kernel.org (linux-4.8)
Signed-off-by: Nayna Jain 
---
Changelog v1:

- Included Jason's feedbacks related to #defines.

 drivers/char/tpm/tpm_i2c_nuvoton.c | 23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c 
b/drivers/char/tpm/tpm_i2c_nuvoton.c
index e3a9155..0c98c42 100644
--- a/drivers/char/tpm/tpm_i2c_nuvoton.c
+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
@@ -49,9 +49,10 @@
  */
 #define TPM_I2C_MAX_BUF_SIZE   32
 #define TPM_I2C_RETRY_COUNT32
-#define TPM_I2C_BUS_DELAY  1   /* msec */
-#define TPM_I2C_RETRY_DELAY_SHORT  2   /* msec */
-#define TPM_I2C_RETRY_DELAY_LONG   10  /* msec */
+#define TPM_I2C_BUS_DELAY  1000/* usec */
+#define TPM_I2C_RETRY_DELAY_SHORT  (2 * 1000)  /* usec */
+#define TPM_I2C_RETRY_DELAY_LONG   (10 * 1000) /* usec */
+#define TPM_I2C_DELAY_RANGE300 /* usec */
 
 #define OF_IS_TPM2 ((void *)1)
 #define I2C_IS_TPM2 1
@@ -123,7 +124,8 @@ static s32 i2c_nuvoton_write_status(struct i2c_client 
*client, u8 data)
/* this causes the current command to be aborted */
for (i = 0, status = -1; i < TPM_I2C_RETRY_COUNT && status < 0; i++) {
status = i2c_nuvoton_write_buf(client, TPM_STS, 1, );
-   msleep(TPM_I2C_BUS_DELAY);
+   usleep_range(TPM_I2C_BUS_DELAY, TPM_I2C_BUS_DELAY
++ TPM_I2C_DELAY_RANGE);
}
return status;
 }
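Review bot: The expression `usleep_range(X, X + TPM_I2C_DELAY_RANGE)` is spelled out at every call site in this patch (here in i2c_nuvoton_write_status, and again in the i2c_nuvoton_get_burstcount and i2c_nuvoton_wait_for_stat hunks), each time wrapped awkwardly across lines. A small helper, e.g. `static void i2c_nuvoton_delay(unsigned long usec) { usleep_range(usec, usec + TPM_I2C_DELAY_RANGE); }`, would keep the range policy in one place. In this loop the sleep also runs after a successful write, because `status < 0` is only tested at the top of the next iteration; that behaviour predates the patch but could be avoided with `if (status >= 0) break;` before the sleep. The function body starts outside the hunk.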
@@ -160,7 +162,8 @@ static int i2c_nuvoton_get_burstcount(struct i2c_client 
*client,
burst_count = min_t(u8, TPM_I2C_MAX_BUF_SIZE, data);
break;
}
-   msleep(TPM_I2C_BUS_DELAY);
+   usleep_range(TPM_I2C_BUS_DELAY, TPM_I2C_BUS_DELAY
++ TPM_I2C_DELAY_RANGE);
} while (time_before(jiffies, stop));
 
return burst_count;
@@ -203,13 +206,17 @@ static int i2c_nuvoton_wait_for_stat(struct tpm_chip 
*chip, u8 mask, u8 value,
return 0;
 
/* use polling to wait for the event */
-   ten_msec = jiffies + msecs_to_jiffies(TPM_I2C_RETRY_DELAY_LONG);
+   ten_msec = jiffies + usecs_to_jiffies(TPM_I2C_RETRY_DELAY_LONG);
stop = jiffies + timeout;
do {
if (time_before(jiffies, ten_msec))
-   msleep(TPM_I2C_RETRY_DELAY_SHORT);
+   usleep_range(TPM_I2C_RETRY_DELAY_SHORT,
+TPM_I2C_RETRY_DELAY_SHORT
++ TPM_I2C_DELAY_RANGE);
else
-   msleep(TPM_I2C_RETRY_DELAY_LONG);
+   usleep_range(TPM_I2C_RETRY_DELAY_LONG,
+

Re: [tpmdd-devel] [PATCH 1/3] ACPICA: Update TPM2 ACPI table

2017-03-10 Thread Jiandi An
On 03/10/17 09:35, Moore, Robert wrote:
> This appears to be the latest version on the TCG website:
>
> *TCG ACPI Specification for Family 1.2 and 2.0, Level 00, Revision 00.37
> December 19, 2014
>
> Which is what ACPICA is using.
>
> Please send me a link to a newer version if you have it.

Hi Bob,
Here is the link to "TCG ACPI Specification Family "1.2" and "2.0" 
Version 1.2 Revision 8".  Thanks.

https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification-Family-1.2-and-2.0-Ver1.2-Rev8_public-reviepdf

https://trustedcomputinggroup.org/specifications-public-review/

> Thanks,
> Bob
>
>> -Original Message-
>> From: Jiandi An [mailto:anjia...@codeaurora.org]
>> Sent: Friday, March 10, 2017 1:58 AM
>> To: tpmdd-devel@lists.sourceforge.net
>> Cc: peterhu...@gmx.de; tp...@selhorst.net;
>> jarkko.sakki...@linux.intel.com; jguntho...@obsidianresearch.com; Moore,
>> Robert ; Zheng, Lv ;
>> Wysocki, Rafael J ; l...@kernel.org; Jiandi
>> An 
>> Subject: [PATCH 1/3] ACPICA: Update TPM2 ACPI table
>>
>> TCG ACPI Specification Family "1.2" and "2.0" Version 1.2 Revision 8
>> introduces new start method for ARM SMC.
>>
>> - Add new start method (type 11) for ARM SMC
>> - Add start method specific parameters for ARM SMC start method
>>
>> Signed-off-by: Jiandi An 
>> ---
>>   drivers/char/tpm/tpm_crb.c |  6 +-
>>   drivers/char/tpm/tpm_tis.c |  6 +-
>>   include/acpi/actbl2.h  | 12 
>>   3 files changed, 22 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
>> index cb6fb13..089fcf8 100644
>> --- a/drivers/char/tpm/tpm_crb.c
>> +++ b/drivers/char/tpm/tpm_crb.c
>> @@ -410,12 +410,16 @@ static int crb_acpi_add(struct acpi_device
>> *device)
>>  struct tpm_chip *chip;
>>  struct device *dev = >dev;
>>  acpi_status status;
>> +u32 default_len;
>>  u32 sm;
>>  int rc;
>>
>> +default_len = sizeof(struct acpi_table_tpm2) -
>> +  sizeof(union platform_params);
>> +
>>  status = acpi_get_table(ACPI_SIG_TPM2, 1,
>>  (struct acpi_table_header **) );
>> -if (ACPI_FAILURE(status) || buf->header.length < sizeof(*buf)) {
>> +if (ACPI_FAILURE(status) || buf->header.length < default_len) {
>>  dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n");
>>  return -EINVAL;
>>  }
>> diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
>> index c7e1384..0e2e5f6 100644
>> --- a/drivers/char/tpm/tpm_tis.c
>> +++ b/drivers/char/tpm/tpm_tis.c
>> @@ -253,11 +253,15 @@ static int tpm_tis_acpi_init(struct acpi_device
>> *acpi_dev)
>>  acpi_status st;
>>  struct list_head resources;
>>  struct tpm_info tpm_info = {};
>> +u32 default_len;
>>  int ret;
>>
>> +default_len = sizeof(struct acpi_table_tpm2) -
>> +  sizeof(union platform_params);
>> +
>>  st = acpi_get_table(ACPI_SIG_TPM2, 1,
>>  (struct acpi_table_header **) );
>> -if (ACPI_FAILURE(st) || tbl->header.length < sizeof(*tbl)) {
>> +if (ACPI_FAILURE(st) || tbl->header.length < default_len) {
>>  dev_err(_dev->dev,
>>  FW_BUG "failed to get TPM2 ACPI table\n");
>>  return -EINVAL;
>> diff --git a/include/acpi/actbl2.h b/include/acpi/actbl2.h index
>> 7aee9fb..9612049 100644
>> --- a/include/acpi/actbl2.h
>> +++ b/include/acpi/actbl2.h
>> @@ -1277,6 +1277,14 @@ struct acpi_table_tcpa_server {
>>*
>>
>> 
>> **/
>>
>> +struct tpm2_crb_smc {
>> +u32 interrupt;
>> +u8 interrupt_flags;
>> +u8 op_flags;
>> +u16 reserved2;
>> +u32 smc_func_id;
>> +};
>> +
>>   struct acpi_table_tpm2 {
>>  struct acpi_table_header header;/* Common ACPI table header
>> */
>>  u16 platform_class;
>> @@ -1285,6 +1293,9 @@ struct acpi_table_tpm2 {
>>  u32 start_method;
>>
>>  /* Platform-specific data follows */
>> +union platform_params {
>> +struct tpm2_crb_smc smc_params;
>> +} platform_data;
>>   };
>>
>>   /* Values for start_method above */
>> @@ -1294,6 +1305,7 @@ struct acpi_table_tpm2 {
>>   #define ACPI_TPM2_MEMORY_MAPPED 6
>>   #define ACPI_TPM2_COMMAND_BUFFER7
>>   #define ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD  8
>> +#define ACPI_TPM2_COMMAND_BUFFER_WITH_SMC  11
>>
>>
>> /***
>> 
>>*
>> --
>> Jiandi An
>> Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
>> Technologies, Inc.
>> Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a
>> Linux Foundation Collaborative Project.
>


-- 
Qualcomm Datacenter Technologies, Inc.
as an 

Re: [tpmdd-devel] [PATCH 2/3] tpm: Add start method for ARM Secure Monitor Call

2017-03-10 Thread Jason Gunthorpe
On Fri, Mar 10, 2017 at 03:58:08AM -0600, Jiandi An wrote:

> +/*
> + * This is a TPM Command Response Buffer start method that invokes a
> + * Secure Monitor Call to requrest the firmware to execute or cancel
> + * a TPM 2.0 command.
> + */
> +static inline int tpm_crb_smc_start(unsigned long func_id)
> +{
> + struct arm_smccc_res res;
> +
> + arm_smccc_smc(func_id, 0, 0, 0, 0, 0, 0, 0, );
> + if (res.a0 != 0) {
> + WARN(1, "tpm_crb_smc_start() returns res.a0 = 0x%lx\n", res.a0);
> + return -EIO;

I don't think either of these WARN's are appropriate.

'dev_err(FIRMWARE_BUG'  would be better.

Jason



Re: [tpmdd-devel] Support for Crypto Agile format in IMA

2017-03-10 Thread Roberto Sassu
On 3/10/2017 4:36 PM, Ken Goldman wrote:
> It's not a TCG standard, just a way of making sure the unused PCR bank
> doesn't remain at zero, permitting forged measurements.
>
> As for the verifier, I ignore the bank I'm not interested in.  I don't
> verify the truncated/padded bank.

Truncated/padded digests are needed, if after kexec different banks
can be selected.

This issue does not arise if all banks are extended only once,
during IMA initialization. All digests should be passed to a new
function defined in the TPM driver.

Roberto



Re: [tpmdd-devel] Support for Crypto Agile format in IMA

2017-03-10 Thread Ken Goldman
On 3/8/2017 4:58 AM, Roberto Sassu wrote:
>
> Regarding modifying the digest before it is passed to the extend
> function, can truncating/padding with zeros be considered
> a standard? If not, verifiers have to look at the software
> implementation, in order to find how the digest was modified.
> I add in CC tpmdd-devel@lists.sourceforge.net also here.

It's not a TCG standard, just a way of making sure the unused PCR bank 
doesn't remain at zero, permitting forged measurements.

As for the verifier, I ignore the bank I'm not interested in.  I don't 
verify the truncated/padded bank.







[tpmdd-devel] [PATCH 3/3] tpm/tpm_crb: Enable TPM CRB interface for ARM64

2017-03-10 Thread Jiandi An
This enables TPM Command Response Buffer interface driver for
ARM64 and implements an ARM specific TPM CRB start method that
invokes a Secure Monitor Call to request the Firmware to execute
or cancel a TPM 2.0 command.

Signed-off-by: Jiandi An 
---
 drivers/char/tpm/Kconfig   |  2 +-
 drivers/char/tpm/tpm_crb.c | 24 ++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index d520ac5..9659f40 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -136,7 +136,7 @@ config TCG_XEN
 
 config TCG_CRB
tristate "TPM 2.0 CRB Interface"
-   depends on X86 && ACPI
+   depends on (X86 || ARM64) && ACPI
---help---
  If you have a TPM security chip that is compliant with the
  TCG CRB 2.0 TPM specification say Yes and it will be accessible
diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index 089fcf8..d29a84a 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -73,6 +73,7 @@ enum crb_status {
 enum crb_flags {
CRB_FL_ACPI_START   = BIT(0),
CRB_FL_CRB_START= BIT(1),
+   CRB_FL_CRB_SMC_START= BIT(2),
 };
 
 struct crb_priv {
@@ -82,6 +83,7 @@ struct crb_priv {
u8 __iomem *cmd;
u8 __iomem *rsp;
u32 cmd_size;
+   u32 smc_func_id;
 };
 
 /**
@@ -101,7 +103,8 @@ struct crb_priv {
  */
 static int __maybe_unused crb_go_idle(struct device *dev, struct crb_priv 
*priv)
 {
-   if (priv->flags & CRB_FL_ACPI_START)
+   if ((priv->flags & CRB_FL_ACPI_START) ||
+   (priv->flags & CRB_FL_CRB_SMC_START))
return 0;
 
iowrite32(CRB_CTRL_REQ_GO_IDLE, >cca->req);
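Review bot: The two-term test added in crb_go_idle (and repeated in the crb_cmd_ready hunk) can be a single mask test, `if (priv->flags & (CRB_FL_ACPI_START | CRB_FL_CRB_SMC_START))`, which reads as one condition and extends cleanly when another start method is added. The kernel-doc comment above crb_go_idle starts outside the hunk; if it explains why the ACPI start method skips the idle/ready handshake, it should now say the same for the SMC start method.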
@@ -129,7 +132,8 @@ static int __maybe_unused crb_cmd_ready(struct device *dev,
 {
ktime_t stop, start;
 
-   if (priv->flags & CRB_FL_ACPI_START)
+   if ((priv->flags & CRB_FL_ACPI_START) ||
+   (priv->flags & CRB_FL_CRB_SMC_START))
return 0;
 
iowrite32(CRB_CTRL_REQ_CMD_READY, >cca->req);
@@ -229,6 +233,11 @@ static int crb_send(struct tpm_chip *chip, u8 *buf, size_t 
len)
if (priv->flags & CRB_FL_ACPI_START)
rc = crb_do_acpi_start(chip);
 
+   if (priv->flags & CRB_FL_CRB_SMC_START) {
+   iowrite32(CRB_START_INVOKE, >cca->start);
+   rc = tpm_crb_smc_start(priv->smc_func_id);
+   }
+
return rc;
 }
 
@@ -445,6 +454,17 @@ static int crb_acpi_add(struct acpi_device *device)
sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD)
priv->flags |= CRB_FL_ACPI_START;
 
+   if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_SMC) {
+   if ((buf->header.length - default_len) !=
+   sizeof(struct tpm2_crb_smc)) {
+   dev_err(dev, "TPM2 ACPI table has wrong size %u for 
start method type %d\n",
+   buf->header.length, 
ACPI_TPM2_COMMAND_BUFFER_WITH_SMC);
+   return -EINVAL;
+   }
+   priv->flags |= CRB_FL_CRB_SMC_START;
+   priv->smc_func_id = buf->platform_data.smc_params.smc_func_id;
+   }
+
rc = crb_map_io(device, priv, buf);
if (rc)
return rc;
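Review bot: The new table-size error in crb_acpi_add reports a firmware defect, like the length check earlier in this function, but it is logged without the `FW_BUG` prefix used by the existing `dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n")`; adding it keeps firmware faults easy to filter. The subtraction `buf->header.length - default_len` is only safe because patch 1/3 rejects `header.length < default_len` first, which deserves a short comment at this site. `smc_func_id` is copied from the table and later handed to `tpm_crb_smc_start()` in crb_send without any range check; if the specification constrains the function ID, probe time is the place to validate it. The function continues outside the hunk.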
-- 
Jiandi An
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm 
Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux 
Foundation Collaborative Project.




[tpmdd-devel] [PATCH 0/3] tpm/tpm_crb: Enable TPM CRB interface for ARM64

2017-03-10 Thread Jiandi An
TCG ACPI Specification Family "1.2" and "2.0" Version 1.2
Revision 8 introduces a new start method (type 11) for ARM64,
along with platform-specific parameters for this new start
method.  This new start method invokes a Secure Monitor Call
to request the firmware to execute or cancel a TPM 2.0 command.
These 3 patches enable the TPM CRB driver for ARM64 and implement
the new start method for ARM64 in the TPM CRB driver.

Jiandi An (3):
  ACPICA: Update TPM2 ACPI table
  tpm: Add start method for ARM Secure Monitor Call
  tpm/tpm_crb: Enable TPM CRB interface for ARM64

 drivers/char/tpm/Kconfig   |  2 +-
 drivers/char/tpm/tpm.h | 29 +
 drivers/char/tpm/tpm_crb.c | 30 +++---
 drivers/char/tpm/tpm_tis.c |  6 +-
 include/acpi/actbl2.h  | 12 
 5 files changed, 74 insertions(+), 5 deletions(-)

-- 
Jiandi An
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm 
Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux 
Foundation Collaborative Project.




[tpmdd-devel] [PATCH 1/3] ACPICA: Update TPM2 ACPI table

2017-03-10 Thread Jiandi An
TCG ACPI Specification Family "1.2" and "2.0" Version 1.2
Revision 8 introduces new start method for ARM SMC.

- Add new start method (type 11) for ARM SMC
- Add start method specific parameters for ARM SMC start method

Signed-off-by: Jiandi An 
---
 drivers/char/tpm/tpm_crb.c |  6 +-
 drivers/char/tpm/tpm_tis.c |  6 +-
 include/acpi/actbl2.h  | 12 
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index cb6fb13..089fcf8 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -410,12 +410,16 @@ static int crb_acpi_add(struct acpi_device *device)
struct tpm_chip *chip;
struct device *dev = >dev;
acpi_status status;
+   u32 default_len;
u32 sm;
int rc;
 
+   default_len = sizeof(struct acpi_table_tpm2) -
+ sizeof(union platform_params);
+
status = acpi_get_table(ACPI_SIG_TPM2, 1,
(struct acpi_table_header **) );
-   if (ACPI_FAILURE(status) || buf->header.length < sizeof(*buf)) {
+   if (ACPI_FAILURE(status) || buf->header.length < default_len) {
dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n");
return -EINVAL;
}
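Review bot: `default_len` is computed as `sizeof(struct acpi_table_tpm2) - sizeof(union platform_params)`, which equals the offset of the platform data only if the struct has no tail padding; `default_len = offsetof(struct acpi_table_tpm2, platform_data);` states the intent directly and holds regardless of packing (whether actbl2.h packs these tables is not visible in this patch). The same computation is duplicated in the tpm_tis_acpi_init hunk, so a single macro next to the struct definition in actbl2.h would keep the two drivers in step. Because the new union grows `sizeof(struct acpi_table_tpm2)`, any other code comparing a table length against `sizeof` of this struct would start rejecting tables that carry no platform data; only tpm_crb.c and tpm_tis.c are adjusted here.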
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index c7e1384..0e2e5f6 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -253,11 +253,15 @@ static int tpm_tis_acpi_init(struct acpi_device *acpi_dev)
acpi_status st;
struct list_head resources;
struct tpm_info tpm_info = {};
+   u32 default_len;
int ret;
 
+   default_len = sizeof(struct acpi_table_tpm2) -
+ sizeof(union platform_params);
+
st = acpi_get_table(ACPI_SIG_TPM2, 1,
(struct acpi_table_header **) );
-   if (ACPI_FAILURE(st) || tbl->header.length < sizeof(*tbl)) {
+   if (ACPI_FAILURE(st) || tbl->header.length < default_len) {
dev_err(_dev->dev,
FW_BUG "failed to get TPM2 ACPI table\n");
return -EINVAL;
diff --git a/include/acpi/actbl2.h b/include/acpi/actbl2.h
index 7aee9fb..9612049 100644
--- a/include/acpi/actbl2.h
+++ b/include/acpi/actbl2.h
@@ -1277,6 +1277,14 @@ struct acpi_table_tcpa_server {
  *
  
**/
 
+struct tpm2_crb_smc {
+   u32 interrupt;
+   u8 interrupt_flags;
+   u8 op_flags;
+   u16 reserved2;
+   u32 smc_func_id;
+};
+
 struct acpi_table_tpm2 {
struct acpi_table_header header;/* Common ACPI table header */
u16 platform_class;
@@ -1285,6 +1293,9 @@ struct acpi_table_tpm2 {
u32 start_method;
 
/* Platform-specific data follows */
+   union platform_params {
+   struct tpm2_crb_smc smc_params;
+   } platform_data;
 };
 
 /* Values for start_method above */
@@ -1294,6 +1305,7 @@ struct acpi_table_tpm2 {
 #define ACPI_TPM2_MEMORY_MAPPED 6
 #define ACPI_TPM2_COMMAND_BUFFER7
 #define ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD  8
+#define ACPI_TPM2_COMMAND_BUFFER_WITH_SMC  11
 
 
/***
  *
-- 
Jiandi An
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm 
Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux 
Foundation Collaborative Project.

