Re: [tpmdd-devel] [PATCH v2 3/4] tpm: reduce tpm_msleep() time in get_burstcount()

2017-09-15 Thread Nayna Jain



On 09/13/2017 06:30 AM, Jarkko Sakkinen wrote:

On Wed, Sep 06, 2017 at 08:56:38AM -0400, Nayna Jain wrote:

Currently, get_burstcount() function sleeps for 5msec in a loop
before retrying for next query to burstcount. However, if it takes
less time for the TPM to return, this 5 msec delay is longer
than necessary.

This patch changes the tpm_msleep time from 5msec to 1msec.

After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~10sec to ~9sec.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
  drivers/char/tpm/tpm_tis_core.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index d1eab29cb447..d710bbc4608b 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -169,7 +169,7 @@ static int get_burstcount(struct tpm_chip *chip)
burstcnt = (value >> 8) & 0x;
if (burstcnt)
return burstcnt;
-   tpm_msleep(TPM_TIMEOUT);
+   tpm_msleep(1);
} while (time_before(jiffies, stop));
return -EBUSY;
  }
--
2.13.3

How did you pick 1 ms delay? Should there be a constant defining it?


As per ddwg input, the command may not take more than a few
microseconds. The minimum tpm_msleep() value is 1 msec, so we really
don't have a choice.  (We're working on a patch set to lower this
value even more.)

Thanks & Regards,
- Nayna



/Jarkko




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel


Re: [tpmdd-devel] [PATCH v2 2/4] tpm: define __wait_for_tpm_stat to specify variable polling sleep time

2017-09-15 Thread Nayna Jain



On 09/13/2017 06:28 AM, Jarkko Sakkinen wrote:

On Wed, Sep 06, 2017 at 08:56:37AM -0400, Nayna Jain wrote:

The existing wait_for_tpm_stat() checks the chip status before
sleeping for 5 msec in a polling loop.  For some functions, although
the status isn't ready immediately, the status returns extremely
quickly. Waiting for 5 msec causes an unnecessary delay. An
example is the send() call in the tpm_tis driver.

This patch defines __wait_for_tpm_stat(), allowing the caller
to specify the polling sleep timeout value within the loop.
The existing wait_for_tpm_stat() becomes a wrapper for this
function.

After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~14sec to ~10sec.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>

Please get rid of wait_for_tpm_stat() rather than further making it more
complex. It's hardware specific stuff. This function should not exist in
tpm-interface.c.


I think I didn't understand the meaning of "get rid of wait_for_tpm_stat()".
Do you mean to take care of it in a driver-specific file?
Can you please elaborate on it?

Thanks & Regards,
    - Nayna



/Jarkko


---
  drivers/char/tpm/tpm-interface.c | 15 ---
  drivers/char/tpm/tpm.h   |  3 +++
  drivers/char/tpm/tpm_tis_core.c  | 11 ++-
  3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 1d6729be4cd6..b23d006243b7 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -1050,8 +1050,9 @@ static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, 
u8 mask,
return false;
  }
  
-int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,

- wait_queue_head_t *queue, bool check_cancel)
+int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+ unsigned int poll_sleep, wait_queue_head_t *queue,
+ bool check_cancel)
  {
unsigned long stop;
long rc;
@@ -1085,7 +1086,7 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, 
unsigned long timeout,
}
} else {
do {
-   tpm_msleep(TPM_TIMEOUT);
+   tpm_msleep(poll_sleep);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
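
Review bot: poll_sleep only takes effect in the polling loop after "} else {", at "tpm_msleep(poll_sleep);"; the branch before it is untouched by the patch and never reads the new argument. Say so in a comment on __wait_for_tpm_stat(), so a caller that passes a short interval on a chip that takes the other branch does not expect a latency change.
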
@@ -1093,6 +1094,14 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, 
unsigned long timeout,
}
return -ETIME;
  }
+EXPORT_SYMBOL_GPL(__wait_for_tpm_stat);
+
+int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+ wait_queue_head_t *queue, bool check_cancel)
+{
+   return __wait_for_tpm_stat(chip, mask, timeout, TPM_TIMEOUT,
+   queue, check_cancel);
+}
  EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
  
  #define TPM_ORD_SAVESTATE 152

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 2d5466a72e40..eb2f8818eded 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -525,6 +525,9 @@ int tpm_do_selftest(struct tpm_chip *chip);
  unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
  int tpm_pm_suspend(struct device *dev);
  int tpm_pm_resume(struct device *dev);
+int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
+   unsigned long timeout, unsigned int poll_sleep,
+   wait_queue_head_t *queue, bool check_cancel);
  int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
  wait_queue_head_t *queue, bool check_cancel);
  
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c

index 6b9bf4c4d434..d1eab29cb447 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -268,8 +268,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
status = tpm_tis_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
tpm_tis_ready(chip);
-   if (wait_for_tpm_stat
-   (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
+   if (__wait_for_tpm_stat
+   (chip, TPM_STS_COMMAND_READY, chip->timeout_b, 1,
 >int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
@@ -303,7 +303,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
if (ignore_burst_count)
continue;
  
-		if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,

+   if (__wait_for_tpm_stat(chip, TPM_STS_VALID,
+   chip->timeout_c, 1,
>

Re: [tpmdd-devel] [PATCH v2 1/4] tpm: ignore burstcount to improve tpm_tis send() performance.

2017-09-15 Thread Nayna Jain



On 09/14/2017 04:40 AM, Jarkko Sakkinen wrote:

On Wed, Sep 13, 2017 at 11:39:03AM -0700, Peter Huewe wrote:


On 12 September 2017 17:45:08 GMT-07:00, Jarkko Sakkinen
<jarkko.sakki...@linux.intel.com> wrote:

On Wed, Sep 06, 2017 at 08:56:36AM -0400, Nayna Jain wrote:

The TPM burstcount status indicates the number of bytes that can
be sent to the TPM without causing bus wait states.  Effectively,
it is the number of empty bytes in the command FIFO. Further,
some TPMs have a static burstcount, when the value remains zero
until the entire FIFO is empty.

This patch adds an optimization to check for burstcount only once.
And if it is valid, it writes all the bytes at once, permitting
wait states. The performance of a 34 byte extend on a TPM 1.2 with
an 8 byte burstcount improved from 41 msec to 14 msec.

This functionality is enabled only by passing module
parameter ignore_burst_count=1. By default, this parameter
is disabled.

After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~41sec to ~14sec.

Suggested-by: Ken Goldman <kg...@linux.vnet.ibm.com> in
conjunction with the TPM Device Driver work group.
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
  Documentation/admin-guide/kernel-parameters.txt |  8 
  drivers/char/tpm/tpm_tis_core.c | 24

+---

  2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt

b/Documentation/admin-guide/kernel-parameters.txt

index 4e303be83df6..3c59bb91e1ee 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1465,6 +1465,14 @@
mode generally follows that for the NaN encoding,
except where unsupported by hardware.
  
+	ignore_burst_count [TPM_TIS_CORE]

+   tpm_tis_core driver queries for the burstcount before
+   every send call in a loop. However, it causes delay to
+   the send command for TPMs with low burstcount value.
+   Setting this value to 1, will make driver to query for
+   burstcount only once in the loop to improve the
+   performance. By default, its value is set to 0.
+
ignore_loglevel [KNL]
Ignore loglevel setting - this will print /all/
kernel messages to the console. Useful for debugging.
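
Review bot: the new ignore_burst_count entry omits the consequence the commit message states, namely that with the parameter set all bytes are written at once, permitting wait states; it only says the driver will "query for burstcount only once in the loop". Add that sentence so an administrator knows what the setting trades for speed, and reword "Setting this value to 1, will make driver to query" to "Setting this value to 1 makes the driver query".
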
diff --git a/drivers/char/tpm/tpm_tis_core.c

b/drivers/char/tpm/tpm_tis_core.c

index 63bc6c3b949e..6b9bf4c4d434 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -31,6 +31,11 @@
  #include "tpm.h"
  #include "tpm_tis_core.h"
  
+static bool ignore_burst_count = false;

+module_param(ignore_burst_count, bool, 0444);
+MODULE_PARM_DESC(ignore_burst_count,
+   "Ignore burstcount value while writing data");
+
  /* Before we attempt to access the TPM we must see that the valid

bit is set.

   * The specification says that this bit is 0 at reset and remains 0

until the

   * 'TPM has gone through its self test and initialization and has

established

@@ -256,6 +261,7 @@ static int tpm_tis_send_data(struct tpm_chip

*chip, u8 *buf, size_t len)

  {
struct tpm_tis_data *priv = dev_get_drvdata(>dev);
int rc, status, burstcnt;
+   int sendcnt;
size_t count = 0;
bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
  
@@ -271,19 +277,31 @@ static int tpm_tis_send_data(struct tpm_chip

*chip, u8 *buf, size_t len)

}
  
  	while (count < len - 1) {

+
+   /*
+* Get the initial burstcount to ensure TPM is ready to
+* accept data, even when waiting for burstcount is disabled.
+*/
burstcnt = get_burstcount(chip);
if (burstcnt < 0) {
dev_err(>dev, "Unable to read burstcount\n");
rc = burstcnt;
goto out_err;
}
-   burstcnt = min_t(int, burstcnt, len - count - 1);
+
+   if (ignore_burst_count)
+   sendcnt = len - 1;
+   else
+   sendcnt = min_t(int, burstcnt, len - count - 1);
+
rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
-burstcnt, buf + count);
+sendcnt, buf + count);
if (rc < 0)
goto out_err;
  
-		count += burstcnt;

+   count += sendcnt;
+   if (ignore_burst_count)
+   continue;
  
  		if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
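
Review bot: with ignore_burst_count set, the bulk write is not followed by the status wait, because the "continue" added after "count += sendcnt;" jumps over the wait_for_tpm_stat(chip, TPM_STS_VALID, ...) call that comes next in the loop body. Either keep the wait on the ignore_burst_count path or add a comment at the "continue" naming the later check that covers it.
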


Re: [tpmdd-devel] TPM2.0: No binary_bios_measurements file in securityFS

2017-09-13 Thread Nayna Jain



On 09/12/2017 04:14 AM, Nasim, Kam wrote:


Hi folks,


I am building my TPM 2.0 driver as Kernel modules (tpm.ko, 
tpm_tis_core.ko and tpm_tis.ko).


I noticed that while my /sys/kernel/security directory is created and 
mounted to securityFS, it is empty.


Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is 
being done during chip registration:


TPM 2.0 binary_bios_measurements event log file support is currently not
available for ACPI-based platforms. It is only for device-tree-based
platforms. And I think you are using ACPI.


Thanks & Regards,
    - Nayna


    if (chip->flags & TPM_CHIP_FLAG_TPM2)
        chip->bin_log_seqops.seqops =
            _binary_b_measurements_seqops;
    else
        chip->bin_log_seqops.seqops =
            _binary_b_measurements_seqops;

    chip->bios_dir[cnt] =
        securityfs_create_file("binary_bios_measurements",
                               0440, chip->bios_dir[0],
                               (void *)>bin_log_seqops,
                               _bios_measurements_ops);
    if (IS_ERR(chip->bios_dir[cnt]))
        goto err;

My TPM modules are loaded properly and I can interact with TPM using 
userspace TSS2 applications:


$ sudo lsmod | grep tpm
Password:
tpm_crb 6458  0
tpm_tis 5950  0
tpm_tis_core 10054  1 tpm_tis
tpm 48093  3 tpm_crb,tpm_tis,tpm_tis_core

2017-09-08T19:39:16.239 controller-0 kernel: warning [    0.00] ACPI: TPM2 7b7c8000 00034 (v03 INTEL   S2600WT 0002 INTL 0113)

2017-09-08T19:39:16.252 controller-0 kernel: info [    5.457568] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)


How and when would this file be created? For that matter I don’t even 
have a /sys/devices/pnp0//pcrs file present


(I am on CentOS 7.3)

Thoughts?

Thanks,

Kam





[tpmdd-devel] [PATCH 2/4] tpm: define __wait_for_tpm_stat to specify variable polling sleep time

2017-09-06 Thread Nayna Jain
The existing wait_for_tpm_stat() checks the chip status before
sleeping for 5 msec in a polling loop.  For some functions, although
the status isn't ready immediately, the status returns extremely
quickly. Waiting for 5 msec causes an unnecessary delay. An
example is the send() call in the tpm_tis driver.

This patch defines __wait_for_tpm_stat(), allowing the caller
to specify the polling sleep timeout value within the loop.
The existing wait_for_tpm_stat() becomes a wrapper for this
function.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-interface.c | 15 ---
 drivers/char/tpm/tpm.h   |  3 +++
 drivers/char/tpm/tpm_tis_core.c  | 11 ++-
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 1d6729be4cd6..b23d006243b7 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -1050,8 +1050,9 @@ static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, 
u8 mask,
return false;
 }
 
-int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
- wait_queue_head_t *queue, bool check_cancel)
+int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+ unsigned int poll_sleep, wait_queue_head_t *queue,
+ bool check_cancel)
 {
unsigned long stop;
long rc;
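
Review bot: the new "unsigned int poll_sleep" argument sits directly after "unsigned long timeout" with no statement of units for either. poll_sleep is handed to tpm_msleep() later in this patch, so it is in milliseconds; add a kernel-doc comment above __wait_for_tpm_stat() that says so, since two adjacent integer arguments are easy to swap at a call site.
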
@@ -1085,7 +1086,7 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, 
unsigned long timeout,
}
} else {
do {
-   tpm_msleep(TPM_TIMEOUT);
+   tpm_msleep(poll_sleep);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
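
Review bot: "tpm_msleep(poll_sleep);" takes the caller's value unchecked, and nothing in the patch defines what a poll_sleep of 0 means for this do/while loop. Reject or clamp a zero value at the top of __wait_for_tpm_stat(), or document the minimum accepted interval.
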
@@ -1093,6 +1094,14 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, 
unsigned long timeout,
}
return -ETIME;
 }
+EXPORT_SYMBOL_GPL(__wait_for_tpm_stat);
+
+int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+ wait_queue_head_t *queue, bool check_cancel)
+{
+   return __wait_for_tpm_stat(chip, mask, timeout, TPM_TIMEOUT,
+   queue, check_cancel);
+}
 EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
 
 #define TPM_ORD_SAVESTATE 152
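
Review bot: "EXPORT_SYMBOL_GPL(__wait_for_tpm_stat);" makes a double-underscore name, a prefix that normally marks an internal helper, part of the interface other modules call next to wait_for_tpm_stat(). Give the variant a descriptive name that mentions the poll interval, and put a short comment on the wait_for_tpm_stat() wrapper stating that it polls every TPM_TIMEOUT.
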
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 2d5466a72e40..eb2f8818eded 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -525,6 +525,9 @@ int tpm_do_selftest(struct tpm_chip *chip);
 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm_pm_suspend(struct device *dev);
 int tpm_pm_resume(struct device *dev);
+int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
+   unsigned long timeout, unsigned int poll_sleep,
+   wait_queue_head_t *queue, bool check_cancel);
 int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
  wait_queue_head_t *queue, bool check_cancel);
 
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 6b9bf4c4d434..d1eab29cb447 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -268,8 +268,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
status = tpm_tis_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
tpm_tis_ready(chip);
-   if (wait_for_tpm_stat
-   (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
+   if (__wait_for_tpm_stat
+   (chip, TPM_STS_COMMAND_READY, chip->timeout_b, 1,
 >int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
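
Review bot: the poll interval is passed as a bare "1" in "(chip, TPM_STS_COMMAND_READY, chip->timeout_b, 1," and again in the two later __wait_for_tpm_stat() calls in this file. Define one named constant for the 1 msec poll interval and use it at all three call sites, so the value is explained and can be changed in a single place.
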
@@ -303,7 +303,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
if (ignore_burst_count)
continue;
 
-   if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
+   if (__wait_for_tpm_stat(chip, TPM_STS_VALID,
+   chip->timeout_c, 1,
>int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
@@ -320,8 +321,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
if (rc < 0)
goto out_err;
 
-   if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
-   >int_queue, false) < 0) {
+   if (__wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
+   1, >int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
}
-- 
2.13.3



[tpmdd-devel] [PATCH v2 4/4] tpm: use tpm_msleep() value as max delay

2017-09-06 Thread Nayna Jain
Currently, tpm_msleep() uses delay_msec as the minimum value in
usleep_range. However, that is the maximum time we want to wait.
The function is modified to use the delay_msec as the maximum
value, not the minimum value.

After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~9sec to ~8sec.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index eb2f8818eded..ff5a8b7b80b9 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -533,8 +533,8 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, 
unsigned long timeout,
 
 static inline void tpm_msleep(unsigned int delay_msec)
 {
-   usleep_range(delay_msec * 1000,
-(delay_msec * 1000) + TPM_TIMEOUT_RANGE_US);
+   usleep_range((delay_msec * 1000) - TPM_TIMEOUT_RANGE_US,
+delay_msec * 1000);
 };
 
 struct tpm_chip *tpm_chip_find_get(int chip_num);
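
Review bot: "(delay_msec * 1000) - TPM_TIMEOUT_RANGE_US" is computed on "unsigned int delay_msec", so the lower bound wraps to a very large value whenever delay_msec * 1000 is smaller than TPM_TIMEOUT_RANGE_US, for example for tpm_msleep(0), and usleep_range() is then called with a minimum above its maximum. Guard the subtraction, or clamp the lower bound at 0, before passing it on.
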
-- 
2.13.3




[tpmdd-devel] [PATCH 1/4] tpm: ignore burstcount to improve tpm_tis send() performance.

2017-09-06 Thread Nayna Jain
The TPM burstcount status indicates the number of bytes that can
be sent to the TPM without causing bus wait states.  Effectively,
it is the number of empty bytes in the command FIFO. Further,
some TPMs have a static burstcount, when the value remains zero
until the entire FIFO is empty.

This patch adds an optimization to check for burstcount only once.
And if it is valid, it writes all the bytes at once, permitting
wait states. The performance of a 34 byte extend on a TPM 1.2 with
an 8 byte burstcount improved from 41 msec to 14 msec.

This functionality is enabled only by passing module
parameter ignore_burst_count=1. By default, this parameter
is disabled.

Suggested-by: Ken Goldman <kg...@linux.vnet.ibm.com> in
conjunction with the TPM Device Driver work group.
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 Documentation/admin-guide/kernel-parameters.txt |  8 
 drivers/char/tpm/tpm_tis_core.c | 24 +---
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt 
b/Documentation/admin-guide/kernel-parameters.txt
index 4e303be83df6..3c59bb91e1ee 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1465,6 +1465,14 @@
mode generally follows that for the NaN encoding,
except where unsupported by hardware.
 
+   ignore_burst_count [TPM_TIS_CORE]
+   tpm_tis_core driver queries for the burstcount before
+   every send call in a loop. However, it causes delay to
+   the send command for TPMs with low burstcount value.
+   Setting this value to 1, will make driver to query for
+   burstcount only once in the loop to improve the
+   performance. By default, its value is set to 0.
+
ignore_loglevel [KNL]
Ignore loglevel setting - this will print /all/
kernel messages to the console. Useful for debugging.
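
Review bot: the entry is documented as a bare "ignore_burst_count", but the code side of this patch declares it with module_param() in tpm_tis_core.c, so on the kernel command line it is given with the module name in front. Document it as tpm_tis_core.ignore_burst_count= so a reader copying the entry gets a working option.
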
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 63bc6c3b949e..6b9bf4c4d434 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -31,6 +31,11 @@
 #include "tpm.h"
 #include "tpm_tis_core.h"
 
+static bool ignore_burst_count = false;
+module_param(ignore_burst_count, bool, 0444);
+MODULE_PARM_DESC(ignore_burst_count,
+   "Ignore burstcount value while writing data");
+
 /* Before we attempt to access the TPM we must see that the valid bit is set.
  * The specification says that this bit is 0 at reset and remains 0 until the
  * 'TPM has gone through its self test and initialization and has established
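
Review bot: "static bool ignore_burst_count = false;" initialises a static to false explicitly, which kernel coding style (and checkpatch) asks to leave implicit. Drop the "= false".
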
@@ -256,6 +261,7 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
 {
struct tpm_tis_data *priv = dev_get_drvdata(>dev);
int rc, status, burstcnt;
+   int sendcnt;
size_t count = 0;
bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
 
@@ -271,19 +277,31 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
}
 
while (count < len - 1) {
+
+   /*
+* Get the initial burstcount to ensure TPM is ready to
+* accept data, even when waiting for burstcount is disabled.
+*/
burstcnt = get_burstcount(chip);
if (burstcnt < 0) {
dev_err(>dev, "Unable to read burstcount\n");
rc = burstcnt;
goto out_err;
}
-   burstcnt = min_t(int, burstcnt, len - count - 1);
+
+   if (ignore_burst_count)
+   sendcnt = len - 1;
+   else
+   sendcnt = min_t(int, burstcnt, len - count - 1);
+
rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
-burstcnt, buf + count);
+sendcnt, buf + count);
if (rc < 0)
goto out_err;
 
-   count += burstcnt;
+   count += sendcnt;
+   if (ignore_burst_count)
+   continue;
 
if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
>int_queue, false) < 0) {
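
Review bot: in the ignore_burst_count branch, "sendcnt = len - 1;" does not subtract count, unlike the "len - count - 1" used in the else branch. It is correct only because count is 0 on the first pass and the loop condition then fails; write it as "len - count - 1" so the write length stays bounded by the remaining bytes if the loop is ever entered with count > 0.
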
-- 
2.13.3




[tpmdd-devel] [PATCH v2 3/4] tpm: reduce tpm_msleep() time in get_burstcount()

2017-09-06 Thread Nayna Jain
Currently, get_burstcount() function sleeps for 5msec in a loop
before retrying for next query to burstcount. However, if it takes
less time for the TPM to return, this 5 msec delay is longer
than necessary.

This patch changes the tpm_msleep time from 5msec to 1msec.

After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~10sec to ~9sec.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_tis_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index d1eab29cb447..d710bbc4608b 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -169,7 +169,7 @@ static int get_burstcount(struct tpm_chip *chip)
burstcnt = (value >> 8) & 0x;
if (burstcnt)
return burstcnt;
-   tpm_msleep(TPM_TIMEOUT);
+   tpm_msleep(1);
} while (time_before(jiffies, stop));
return -EBUSY;
 }
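
Review bot: "tpm_msleep(1);" replaces the named TPM_TIMEOUT with an unexplained literal. Add a constant for the burstcount poll interval, with a comment giving the reason for 1 msec, and use it here.
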
-- 
2.13.3




[tpmdd-devel] [PATCH v2 1/4] tpm: ignore burstcount to improve tpm_tis send() performance.

2017-09-06 Thread Nayna Jain
The TPM burstcount status indicates the number of bytes that can
be sent to the TPM without causing bus wait states.  Effectively,
it is the number of empty bytes in the command FIFO. Further,
some TPMs have a static burstcount, when the value remains zero
until the entire FIFO is empty.

This patch adds an optimization to check for burstcount only once.
And if it is valid, it writes all the bytes at once, permitting
wait states. The performance of a 34 byte extend on a TPM 1.2 with
an 8 byte burstcount improved from 41 msec to 14 msec.

This functionality is enabled only by passing module
parameter ignore_burst_count=1. By default, this parameter
is disabled.

After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~41sec to ~14sec.

Suggested-by: Ken Goldman <kg...@linux.vnet.ibm.com> in
conjunction with the TPM Device Driver work group.
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 Documentation/admin-guide/kernel-parameters.txt |  8 
 drivers/char/tpm/tpm_tis_core.c | 24 +---
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt 
b/Documentation/admin-guide/kernel-parameters.txt
index 4e303be83df6..3c59bb91e1ee 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1465,6 +1465,14 @@
mode generally follows that for the NaN encoding,
except where unsupported by hardware.
 
+   ignore_burst_count [TPM_TIS_CORE]
+   tpm_tis_core driver queries for the burstcount before
+   every send call in a loop. However, it causes delay to
+   the send command for TPMs with low burstcount value.
+   Setting this value to 1, will make driver to query for
+   burstcount only once in the loop to improve the
+   performance. By default, its value is set to 0.
+
ignore_loglevel [KNL]
Ignore loglevel setting - this will print /all/
kernel messages to the console. Useful for debugging.
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 63bc6c3b949e..6b9bf4c4d434 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -31,6 +31,11 @@
 #include "tpm.h"
 #include "tpm_tis_core.h"
 
+static bool ignore_burst_count = false;
+module_param(ignore_burst_count, bool, 0444);
+MODULE_PARM_DESC(ignore_burst_count,
+   "Ignore burstcount value while writing data");
+
 /* Before we attempt to access the TPM we must see that the valid bit is set.
  * The specification says that this bit is 0 at reset and remains 0 until the
  * 'TPM has gone through its self test and initialization and has established
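
Review bot: the MODULE_PARM_DESC string "Ignore burstcount value while writing data" does not match what the rest of the patch does, which still calls get_burstcount() once before writing. Reword it along the lines of the kernel-parameters.txt entry, and since the permission is 0444, say that the value can only be set at load time.
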
@@ -256,6 +261,7 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
 {
struct tpm_tis_data *priv = dev_get_drvdata(>dev);
int rc, status, burstcnt;
+   int sendcnt;
size_t count = 0;
bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
 
@@ -271,19 +277,31 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
}
 
while (count < len - 1) {
+
+   /*
+* Get the initial burstcount to ensure TPM is ready to
+* accept data, even when waiting for burstcount is disabled.
+*/
burstcnt = get_burstcount(chip);
if (burstcnt < 0) {
dev_err(>dev, "Unable to read burstcount\n");
rc = burstcnt;
goto out_err;
}
-   burstcnt = min_t(int, burstcnt, len - count - 1);
+
+   if (ignore_burst_count)
+   sendcnt = len - 1;
+   else
+   sendcnt = min_t(int, burstcnt, len - count - 1);
+
rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
-burstcnt, buf + count);
+sendcnt, buf + count);
if (rc < 0)
goto out_err;
 
-   count += burstcnt;
+   count += sendcnt;
+   if (ignore_burst_count)
+   continue;
 
if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
>int_queue, false) < 0) {
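
Review bot: "int sendcnt" receives "len - 1" where len is a size_t, so the ignore_burst_count branch narrows an unsigned value to int without the min_t(int, ...) bound the else branch applies. Declare sendcnt as size_t, or bound it explicitly before it is passed to tpm_tis_write_bytes().
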
-- 
2.13.3



[tpmdd-devel] [PATCH v2 0/4] additional TPM performance improvements

2017-09-06 Thread Nayna Jain
After further discussions with the Device Driver working group (ddwg),
the following changes were made: 

* Check for burstcount at least once to confirm the TPM is ready to accept
the data. Similarly, query for the TPM Expect status as sanity check at
the end.

* Make the sleep for status check during send() in the loop less than
5msec.

* Make the sleep in the loop while querying for burstcount less than
5msec.

Below is the list of patches along with the performance improvements
seen with a TPM 1.2 with an 8 byte burstcount for 1000 extends: 

Patch                                         | Improvement (time in sec)
----------------------------------------------|--------------------------
tpm: ignore burstcount to improve tpm_tis     | ~41 - ~14
send() performance.

tpm: define __wait_for_tpm_stat to specify    | ~14 - ~10
variable polling sleep time

tpm: reduce tpm_msleep() time in              | ~10 - ~9
get_burstcount()

tpm: modify tpm_msleep() function to have     | ~9 - ~8
max range

Changelog v2:

* Add module parameter to handle ignoring of burst count during
tpm tis send() operation.
* Add improvements over sleep time to reduce delays.

Nayna Jain (4):
  tpm: ignore burstcount to improve tpm_tis send() performance.
  tpm: define __wait_for_tpm_stat to specify variable polling sleep time
  tpm: reduce tpm_msleep() time in get_burstcount()
  tpm: use tpm_msleep() value as max delay

 Documentation/admin-guide/kernel-parameters.txt |  8 ++
 drivers/char/tpm/tpm-interface.c| 15 --
 drivers/char/tpm/tpm.h  |  7 +++--
 drivers/char/tpm/tpm_tis_core.c | 37 +++--
 4 files changed, 53 insertions(+), 14 deletions(-)

-- 
2.13.3




[tpmdd-devel] [PATCH] tpm: improve tpm_tis send() performance by ignoring burstcount

2017-08-07 Thread Nayna Jain
The TPM burstcount status indicates the number of bytes that can
be sent to the TPM without causing bus wait states.  Effectively,
it is the number of empty bytes in the command FIFO. Further,
some TPMs have a static burstcount, when the value remains zero
until the entire FIFO is empty.

This patch ignores burstcount, permitting wait states, and thus
writes the command as fast as the TPM can accept the bytes.
The performance of a 34 byte extend on a TPM 1.2 improved from
52 msec to 11 msec.

Suggested-by: Ken Goldman <kg...@linux.vnet.ibm.com> in
conjunction with the TPM Device Driver work group.
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_tis_core.c | 45 ++---
 1 file changed, 2 insertions(+), 43 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index b617b2eeb080..478cbc0f61c3 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -255,9 +255,7 @@ static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, 
size_t count)
 static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
 {
struct tpm_tis_data *priv = dev_get_drvdata(>dev);
-   int rc, status, burstcnt;
-   size_t count = 0;
-   bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
+   int rc, status;
 
status = tpm_tis_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
@@ -270,49 +268,10 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 
*buf, size_t len)
}
}
 
-   while (count < len - 1) {
-   burstcnt = get_burstcount(chip);
-   if (burstcnt < 0) {
-   dev_err(>dev, "Unable to read burstcount\n");
-   rc = burstcnt;
-   goto out_err;
-   }
-   burstcnt = min_t(int, burstcnt, len - count - 1);
-   rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
-burstcnt, buf + count);
-   if (rc < 0)
-   goto out_err;
-
-   count += burstcnt;
-
-   if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
-   >int_queue, false) < 0) {
-   rc = -ETIME;
-   goto out_err;
-   }
-   status = tpm_tis_status(chip);
-   if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
-   rc = -EIO;
-   goto out_err;
-   }
-   }
-
-   /* write last byte */
-   rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
+   rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality), len, buf);
if (rc < 0)
goto out_err;
 
-   if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
-   >int_queue, false) < 0) {
-   rc = -ETIME;
-   goto out_err;
-   }
-   status = tpm_tis_status(chip);
-   if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
-   rc = -EIO;
-   goto out_err;
-   }
-
return 0;
 
 out_err:
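Review bot: After the single tpm_tis_write_bytes() call in tpm_tis_send_data(), nothing checks TPM_STS_DATA_EXPECT or waits for TPM_STS_VALID any more, so the function returns 0 even when the TPM stopped expecting data part-way through the command or still expects more after the last byte; the removed code returned -EIO in both cases and -ETIME when the status never became valid. Keep at least the final wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, ...) and the `(status & TPM_STS_DATA_EXPECT) != 0` check after the write, and have the commit message say what happens on chips that need TPM_TIS_ITPM_WORKAROUND and on interfaces that do not insert wait states when the FIFO is full.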
-- 
2.13.3




[tpmdd-devel] [PATCH v1 1/2] tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver

2017-03-10 Thread Nayna Jain
Commit 500462a9de65 "timers: Switch to a non-cascading wheel" replaced
the 'classic' timer wheel, which aimed for near 'exact' expiry of the
timers.  Their analysis was that the vast majority of timeout timers
are used as safeguards, not as real timers, and are cancelled or
rearmed before expiration.  The only exception noted to this were
networking timers with a small expiry time.

Not included in the analysis was the TPM polling timer, which resulted
in a longer normal delay and, every so often, a very long delay.  The
non-cascading wheel delay is based on CONFIG_HZ.  For a description of
the different rings and their delays, refer to the comments in
kernel/time/timer.c.

Below are the delays given for rings 0 - 2, which explains the longer
"normal" delays and the very long delays as seen on systems with
CONFIG_HZ 250.

* HZ 1000 steps
 * Level Offset  Granularity            Range
 *  0      0         1 ms                0 ms -         63 ms
 *  1     64         8 ms               64 ms -        511 ms
 *  2    128        64 ms              512 ms -       4095 ms (512ms - ~4s)

* HZ  250
 * Level Offset  Granularity            Range
 *  0      0         4 ms                0 ms -        255 ms
 *  1     64        32 ms              256 ms -       2047 ms (256ms - ~2s)
 *  2    128       256 ms             2048 ms -      16383 ms (~2s - ~16s)

Below is a comparison of extending the TPM with 1000 measurements,
using msleep() vs. usleep_delay() when configured for 1000 hz vs. 250
hz, before and after commit 500462a9de65.

linux-4.7          | msleep()    usleep_range()
1000 hz: 0m44.628s | 1m34.497s   29.243s
 250 hz: 1m28.510s | 4m49.269s   32.386s

linux-4.7               | min-max (msleep)   min-max (usleep_range)
1000 hz: 0:017 - 2:760s | 0:015 - 3:967s     0:014 - 0:418s
 250 hz: 0:028 - 1:954s | 0:040 - 4:096s     0:016 - 0:816s

This patch replaces the msleep() with usleep_range() calls in the
i2c nuvoton driver with a consistent max range value.

Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Cc: sta...@vger.kernel.org (linux-4.8)
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
Changelog v1:

- Included Jason's feedback related to #defines.

 drivers/char/tpm/tpm_i2c_nuvoton.c | 23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c 
b/drivers/char/tpm/tpm_i2c_nuvoton.c
index e3a9155..0c98c42 100644
--- a/drivers/char/tpm/tpm_i2c_nuvoton.c
+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
@@ -49,9 +49,10 @@
  */
 #define TPM_I2C_MAX_BUF_SIZE   32
 #define TPM_I2C_RETRY_COUNT32
-#define TPM_I2C_BUS_DELAY  1   /* msec */
-#define TPM_I2C_RETRY_DELAY_SHORT  2   /* msec */
-#define TPM_I2C_RETRY_DELAY_LONG   10  /* msec */
+#define TPM_I2C_BUS_DELAY  1000/* usec */
+#define TPM_I2C_RETRY_DELAY_SHORT  (2 * 1000)  /* usec */
+#define TPM_I2C_RETRY_DELAY_LONG   (10 * 1000) /* usec */
+#define TPM_I2C_DELAY_RANGE300 /* usec */
 
 #define OF_IS_TPM2 ((void *)1)
 #define I2C_IS_TPM2 1
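Review bot: TPM_I2C_BUS_DELAY, TPM_I2C_RETRY_DELAY_SHORT and TPM_I2C_RETRY_DELAY_LONG change unit from msec to usec but keep their names, so any user that is not converted in this patch still compiles and silently gets a value 1000 times larger. Put the unit in the name (for example a _USEC suffix) so that a missed conversion fails to build. TPM_I2C_DELAY_RANGE is a new 300 usec constant with no explanation; add a comment or a line in the commit message saying how it was chosen.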
@@ -123,7 +124,8 @@ static s32 i2c_nuvoton_write_status(struct i2c_client 
*client, u8 data)
/* this causes the current command to be aborted */
for (i = 0, status = -1; i < TPM_I2C_RETRY_COUNT && status < 0; i++) {
status = i2c_nuvoton_write_buf(client, TPM_STS, 1, );
-   msleep(TPM_I2C_BUS_DELAY);
+   usleep_range(TPM_I2C_BUS_DELAY, TPM_I2C_BUS_DELAY
++ TPM_I2C_DELAY_RANGE);
}
return status;
 }
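Review bot: The usleep_range() call in i2c_nuvoton_write_status() breaks the upper bound so that the continuation line starts with `+ TPM_I2C_DELAY_RANGE`; keep the operator at the end of the first line. The same min/max pair is written out again in i2c_nuvoton_get_burstcount() and i2c_nuvoton_wait_for_stat(), so a small helper that takes the base delay and adds TPM_I2C_DELAY_RANGE would remove the repetition and keep the range consistent.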
@@ -160,7 +162,8 @@ static int i2c_nuvoton_get_burstcount(struct i2c_client 
*client,
burst_count = min_t(u8, TPM_I2C_MAX_BUF_SIZE, data);
break;
}
-   msleep(TPM_I2C_BUS_DELAY);
+   usleep_range(TPM_I2C_BUS_DELAY, TPM_I2C_BUS_DELAY
++ TPM_I2C_DELAY_RANGE);
} while (time_before(jiffies, stop));
 
return burst_count;
@@ -203,13 +206,17 @@ static int i2c_nuvoton_wait_for_stat(struct tpm_chip 
*chip, u8 mask, u8 value,
return 0;
 
/* use polling to wait for the event */
-   ten_msec = jiffies + msecs_to_jiffies(TPM_I2C_RETRY_DELAY_LONG);
+   ten_msec = jiffies + usecs_to_jiffies(TPM_I2C_RETRY_DELAY_LONG);
stop = jiffies + timeout;
do {
if (time_before(jiffies, ten_msec))
-   msleep(TPM_I2C_RETRY_DELAY_SHORT);
+   usleep_range(TPM_I2C_RETRY_DELAY_SHORT,
+TPM_I2C_RETRY_DELAY_SHORT
++ TPM_I2C_DELAY_RANGE);
else
-   msleep(TPM_I2C_RETRY_DELAY_LONG);
+  

[tpmdd-devel] [PATCH v7 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

2017-01-30 Thread Nayna Jain
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Tested-by: Kenneth Goldman <kg...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h  |  5 +++
 drivers/char/tpm/tpm2-cmd.c | 77 +
 2 files changed, 82 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index dbe0c5a..db0398a 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -97,6 +97,7 @@ enum tpm2_return_codes {
 };
 
 enum tpm2_algorithms {
+   TPM2_ALG_ERROR  = 0x,
TPM2_ALG_SHA1   = 0x0004,
TPM2_ALG_KEYEDHASH  = 0x0008,
TPM2_ALG_SHA256 = 0x000B,
@@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+   TPM2_CAP_PCRS   = 5,
TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +189,8 @@ struct tpm_chip {
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
+
+   u16 active_banks[7];
 #ifdef CONFIG_ACPI
acpi_handle acpi_dev_handle;
char ppi_version[TPM_PPI_VERSION_LEN + 1];
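Review bot: `u16 active_banks[7]` in struct tpm_chip hard-codes the capacity with no named constant and no comment. Say where the 7 comes from, and document that the list is terminated by TPM2_ALG_ERROR when fewer banks are active (tpm2_get_pcr_allocation() later in this patch writes that terminator), because every reader of the array depends on that convention.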
@@ -540,4 +544,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 42fe3dd..6fbd42c 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -1030,3 +1030,80 @@ int tpm2_auto_startup(struct tpm_chip *chip)
rc = -ENODEV;
return rc;
 }
+
+struct tpm2_pcr_selection {
+   __be16  hash_alg;
+   u8  size_of_select;
+   u8  pcr_select[3];
+} __packed;
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+   struct tpm2_pcr_selection pcr_selection;
+   struct tpm_buf buf;
+   void *marker;
+   void *end;
+   void *pcr_select_offset;
+   unsigned int count;
+   u32 sizeof_pcr_selection;
+   u32 rsp_len;
+   int rc;
+   int i = 0;
+
+   rc = tpm_buf_init(, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
+   if (rc)
+   return rc;
+
+   tpm_buf_append_u32(, TPM2_CAP_PCRS);
+   tpm_buf_append_u32(, 0);
+   tpm_buf_append_u32(, 1);
+
+   rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 9, 0,
+ "get tpm pcr allocation");
+   if (rc)
+   goto out;
+
+   count = be32_to_cpup(
+   (__be32 *)[TPM_HEADER_SIZE + 5]);
+
+   if (count > ARRAY_SIZE(chip->active_banks)) {
+   rc = -ENODEV;
+   goto out;
+   }
+
+   marker = [TPM_HEADER_SIZE + 9];
+
+   rsp_len = be32_to_cpup((__be32 *)[2]);
+   end = [rsp_len];
+
+   for (i = 0; i < count; i++) {
+   pcr_select_offset = marker +
+   offsetof(struct tpm2_pcr_selection, size_of_select);
+   if (pcr_select_offset >= end) {
+   rc = -EFAULT;
+   break;
+   }
+
+   memcpy(_selection, marker, sizeof(pcr_selection));
+   chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+   sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
+   sizeof(pcr_selection.size_of_select) +
+   pcr_selection.size_of_select;
+   marker = marker + sizeof_pcr_selection;
+   }
+
+out:
+   if (i < ARRAY_SIZE(chip->active_banks))
+   chip->active_banks[i] = TPM2_ALG_ERROR;
+
+   tpm_buf_destroy();
+
+   return rc;
+}
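Review bot: The kernel-doc for tpm2_get_pcr_allocation() says "Return: Same as with tpm_transmit_cmd", but the function also returns -ENODEV when count exceeds ARRAY_SIZE(chip->active_banks) and -EFAULT when an entry runs past the response, and its main effect, filling chip->active_banks and terminating it with TPM2_ALG_ERROR, is not documented at all. List those return values and describe the array contract, including that on the -EFAULT path the entries parsed before the error are left in place. The return type is ssize_t while every value returned is the int rc; int would match.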
-- 
2.5.0




[tpmdd-devel] [PATCH v7 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-30 Thread Nayna Jain
IMA extends its hash measurements in the TPM PCRs, based on policy.
The existing in-kernel TPM extend function extends only the SHA1
PCR bank. TPM 2.0 defines multiple PCR banks, to support different
hash algorithms. The TCG TPM 2.0 Specification[1] recommends
extending all active PCR banks to prevent malicious users from
setting unused PCR banks with fake measurements and quoting them.
This patch set adds support for extending all active PCR banks,
as recommended.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
interface to support extending multiple PCR banks. The existing
tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
extend all active PCR banks with differing digest sizes for TPM 2.0,
the SHA1 digest is padded with 0's as needed.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Changelog v7:
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
 - Fixed missing TPM error handling in tpm2_get_pcr_allocation().
 Thanks Jarkko for noticing it.
 - Included Stefan's suggestion on adding buffer access check.
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Moved tpm2_digest and include for hash_info.h in tpm.h. tpm_eventlog.h
 has no modifications now.

Changelog v6:
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - Fixed the regression - missing tpm_buf_destroy() in
  tpm2_get_pcr_allocation(). Thanks Jarkko for noticing.
  - Added TPM2_ALG_ERROR = 0x to represent invalid algorithm.

Changelog v5:
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
 - Included Jarkko's feedback
   - Moved variable declaration to start of function in
   tpm_pcr_extend()


Changelog v4:
- Updated cover letter as per Mimi's feedback.
- Rebased to Jarkko's latest master branch (4064b6b tpm_tis: use
  default timeout value if chip reports it as zero)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
 - Included Jarkko's feedback
   - Moved call to tpm2_get_pcr_allocation to Patch 2
   - Renamed struct tpm2_tpms_pcr_selection to struct tpm2_pcr_selection 
   and moved the struct to before tpm2_get_pcr_allocation()
   - Fixed code formatting
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Included Jarkko's feedback
   - Updated commit msg to mention dependency on CRYPTO_HASH_INFO
   - Renamed struct tpmt_hash to struct tpm2_digest 
   - Removed struct tpml_digest_values, tpm2_pcr_extend() now accepts
   count and digests list as two separate arguments. Added check for
   count of hashes passed.
 - Cleaned up struct tpm2_pcr_extend_in as not required anymore with
 use of tpm_buf
 - Moved struct tpm2_null_auth_area just before tpm2_pcr_extend() as
 it is the only function using it for now.
 - Fixed code formatting

Changelog v3:
- Rebased to the Jarkko's latest master branch (8e25809 tpm:
  Do not print an error message when doing TPM auto startup)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - Included Jarkko's feedback
 - Removed getcap_in, getcap_out and used tpm_buf for getting
 capability.
 - Used ARRAY_SIZE in place of TPM_MAX_PCR_BANKS and included
 other feedbacks.
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Fixed kbuild errors
   - Fixed buf.data uninitialized warning.
   - Added TCG_TPM dependency on CONFIG_CRYPTO_HASH_INFO in Kconfig.

Changelog v2:

- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - defined structs definition in tpm2-cmd.c.
  - no_of_active_banks field is removed. Instead, constant
  TPM2_MAX_PCR_BANKS is defined.
  - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
  - removed generic function tpm2_get_capability().

- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Removed tpm2.h, and defined structs common for extend and event log
  in tpm_eventlog.h
 - uses tpm_buf in tpm2_pcr_extend().

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/Kconfig |   1 +
 drivers/char/tpm/tpm-interface.c |  15 +++-
 drivers/char/tpm/tpm.h   |  14 +++-
 drivers/char/tpm/tpm2-cmd.c  | 168 +--
 4 files changed, 154 insertions(+), 44 deletions(-)

-- 
2.5.0
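
The capability read described in this cover letter, as an added user-space C example that is not code from the patch set or the kernel: it parses a TPM2_GetCapability(TPM_CAP_PCRS) response with every offset checked against the length in the response header, and it goes one step beyond the patch by skipping banks whose PCR bitmap is empty. The function name, the error codes and the sample response bytes are assumptions constructed for the example; the offsets, TPM2_CAP_PCRS = 5, the 7-entry capacity and the 3-byte select size follow the patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TPM_HEADER_SIZE 10  /* tag(2) + size(4) + return code(4) */
#define TPM2_CAP_PCRS   5   /* value used in the patch */
#define MAX_BANKS       7   /* capacity of active_banks[7] in the patch */
#define MAX_PCR_SELECT  3   /* pcr_select[3] in the patch */

/* Hypothetical error codes for this example. */
enum { PARSE_SHORT = -1, PARSE_BAD_LEN = -2, PARSE_BAD_CAP = -3,
       PARSE_TOO_MANY = -4, PARSE_TRUNCATED = -5, PARSE_BAD_SELECT = -6 };

/* Constructed sample response (37 bytes), not captured from a real TPM. */
static const uint8_t sample_rsp[] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x25, 0x00, 0x00, 0x00, 0x00, /* header */
    0x00,                               /* moreData */
    0x00, 0x00, 0x00, 0x05,             /* capability = TPM2_CAP_PCRS */
    0x00, 0x00, 0x00, 0x03,             /* count = 3 */
    0x00, 0x04, 0x03, 0xff, 0xff, 0xff, /* SHA1 (0x0004), PCRs allocated */
    0x00, 0x0b, 0x03, 0xff, 0xff, 0xff, /* SHA256 (0x000B), PCRs allocated */
    0x00, 0x0c, 0x03, 0x00, 0x00, 0x00, /* SHA384 (0x000C), none allocated */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Fill banks[] with the hash algorithm of every bank that has at least one
 * PCR allocated. Returns the number of banks stored or a negative PARSE_*.
 */
int parse_pcr_banks(const uint8_t *rsp, size_t buf_len,
                    uint16_t *banks, size_t max_banks)
{
    /* fixed part: header + moreData(1) + capability(4) + count(4) */
    const size_t fixed = TPM_HEADER_SIZE + 9;
    uint32_t rsp_len, count, i;
    size_t off, n = 0;

    if (buf_len < fixed)
        return PARSE_SHORT;
    rsp_len = be32(rsp + 2);
    /* the length claimed by the header must fit the bytes we really hold */
    if (rsp_len < fixed || rsp_len > buf_len)
        return PARSE_BAD_LEN;
    if (be32(rsp + TPM_HEADER_SIZE + 1) != TPM2_CAP_PCRS)
        return PARSE_BAD_CAP;
    count = be32(rsp + TPM_HEADER_SIZE + 5);
    if (count > max_banks)
        return PARSE_TOO_MANY;

    off = fixed;                        /* invariant: off <= rsp_len */
    for (i = 0; i < count; i++) {
        uint8_t sel_len, any = 0, j;

        /* hash_alg(2) + size_of_select(1) must be inside the response */
        if (rsp_len - off < 3)
            return PARSE_TRUNCATED;
        sel_len = rsp[off + 2];
        if (sel_len > MAX_PCR_SELECT)
            return PARSE_BAD_SELECT;
        /* ...and so must the bitmap that size_of_select announces */
        if (rsp_len - off - 3 < sel_len)
            return PARSE_TRUNCATED;

        for (j = 0; j < sel_len; j++)
            any |= rsp[off + 3 + j];
        if (any)                        /* empty bitmap: no PCRs in this bank */
            banks[n++] = be16(rsp + off);
        off += 3 + (size_t)sel_len;
    }
    return (int)n;
}

int main(void)
{
    uint16_t banks[MAX_BANKS];
    int n = parse_pcr_banks(sample_rsp, sizeof(sample_rsp), banks, MAX_BANKS);

    for (int i = 0; i < n; i++)
        printf("active bank: 0x%04x\n", banks[i]);
    return n < 0;
}
```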




[tpmdd-devel] [PATCH v7 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

2017-01-30 Thread Nayna Jain
The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.

The existing in-kernel interface (tpm_pcr_extend()) expects only a
SHA1 digest.  To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.

This patch reuses the defined digest sizes from the crypto subsystem,
adding a dependency on CRYPTO_HASH_INFO module.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Kconfig |  1 +
 drivers/char/tpm/tpm-interface.c | 15 ++-
 drivers/char/tpm/tpm.h   |  9 +++-
 drivers/char/tpm/tpm2-cmd.c  | 91 +---
 4 files changed, 72 insertions(+), 44 deletions(-)

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 277186d..af985cc 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -6,6 +6,7 @@ menuconfig TCG_TPM
tristate "TPM Hardware Support"
depends on HAS_IOMEM
select SECURITYFS
+   select CRYPTO_HASH_INFO
---help---
  If you have a TPM security chip in your system, which
  implements the Trusted Computing Group's specification,
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 2ea16ab..7fa05a9 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -789,13 +789,26 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 
*hash)
struct tpm_cmd_t cmd;
int rc;
struct tpm_chip *chip;
+   int max_active_banks = ARRAY_SIZE(chip->active_banks);
+   struct tpm2_digest digest_list[max_active_banks];
+   u32 count = 0;
+   int i;
 
chip = tpm_chip_find_get(chip_num);
if (chip == NULL)
return -ENODEV;
 
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
-   rc = tpm2_pcr_extend(chip, pcr_idx, hash);
+   memset(digest_list, 0, sizeof(digest_list));
+
+   for (i = 0; (chip->active_banks[i] != TPM2_ALG_ERROR) &&
+(i < max_active_banks); i++) {
+   digest_list[i].alg_id = chip->active_banks[i];
+   memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE);
+   count++;
+   }
+
+   rc = tpm2_pcr_extend(chip, pcr_idx, count, digest_list);
tpm_put_ops(chip);
return rc;
}
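Review bot: In the new loop in tpm_pcr_extend() the condition tests `chip->active_banks[i] != TPM2_ALG_ERROR` before `i < max_active_banks`, so when every slot holds a valid algorithm the last evaluation reads active_banks[max_active_banks], one element past the array. Swap the operands so the index is checked first. Separately, `digest_list[max_active_banks]` is sized by a variable and is therefore a variable-length array on the kernel stack; size it with ARRAY_SIZE(chip->active_banks) directly or with a named constant.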
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index db0398a..4b7eca9 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -34,6 +34,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "tpm_eventlog.h"
 
@@ -380,6 +381,11 @@ struct tpm_cmd_t {
tpm_cmd_params  params;
 } __packed;
 
+struct tpm2_digest {
+   u16 alg_id;
+   u8 digest[SHA512_DIGEST_SIZE];
+} __packed;
+
 /* A string buffer type for constructing TPM commands. This is based on the
  * ideas of string buffer code in security/keys/trusted.h but is heap based
  * in order to keep the stack usage minimal.
@@ -529,7 +535,8 @@ static inline inline u32 tpm2_rc_value(u32 rc)
 }
 
 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
+int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
+   struct tpm2_digest *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
 int tpm2_seal_trusted(struct tpm_chip *chip,
  struct trusted_key_payload *payload,
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6fbd42c..60042f7 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -53,22 +53,6 @@ struct tpm2_pcr_read_out {
u8  digest[TPM_DIGEST_SIZE];
 } __packed;
 
-struct tpm2_null_auth_area {
-   __be32  handle;
-   __be16  nonce_size;
-   u8  attributes;
-   __be16  auth_size;
-} __packed;
-
-struct tpm2_pcr_extend_in {
-   __be32  pcr_idx;
-   __be32  auth_area_size;
-   struct tpm2_null_auth_area  auth_area;
-   __be32  digest_cnt;
-   __be16  hash_alg;
-   u8  digest[TPM_DIGEST_SIZE];
-} __packed;
-
 struct tpm2_get_tpm_pt_in {
__be32  cap_id;
__be32  property_id;
@@ -97,7 +81,6 @@ union tpm2_cmd_params {
struct  tpm2_self_test_in   selftest_in;
struct  tpm2_pcr_read_inpcrread_in;

[tpmdd-devel] [PATCH] tpm: add buffer access validation in tpm2_get_pcr_allocation()

2017-01-27 Thread Nayna Jain
This patch adds validation in tpm2_get_pcr_allocation to avoid
access beyond response buffer length.

Suggested-by: Stefan Berger <stef...@linux.vnet.ibm.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm2-cmd.c | 28 +++-
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 4aad84c..02c1ea7 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -1008,9 +1008,13 @@ static ssize_t tpm2_get_pcr_allocation(struct tpm_chip 
*chip)
struct tpm2_pcr_selection pcr_selection;
struct tpm_buf buf;
void *marker;
-   unsigned int count = 0;
+   void *end;
+   void *pcr_select_offset;
+   unsigned int count;
+   u32 sizeof_pcr_selection;
+   u32 resp_len;
int rc;
-   int i;
+   int i = 0;
 
rc = tpm_buf_init(, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
if (rc)
@@ -1034,15 +1038,29 @@ static ssize_t tpm2_get_pcr_allocation(struct tpm_chip 
*chip)
}
 
marker = [TPM_HEADER_SIZE + 9];
+
+   resp_len = be32_to_cpup((__be32 *)[2]);
+   end = [resp_len];
+
for (i = 0; i < count; i++) {
+   pcr_select_offset = marker +
+   offsetof(struct tpm2_pcr_selection, size_of_select);
+   if (pcr_select_offset >= end) {
+   rc = -EFAULT;
+   break;
+   }
+
memcpy(_selection, marker, sizeof(pcr_selection));
chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
-   marker = marker + sizeof(struct tpm2_pcr_selection);
+   sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
+   sizeof(pcr_selection.size_of_select) +
+   sizeof(u8) * pcr_selection.size_of_select;
+   marker = marker + sizeof_pcr_selection;
}
 
 out:
-   if (count < ARRAY_SIZE(chip->active_banks))
-   chip->active_banks[count] = TPM2_ALG_ERROR;
+   if (i < ARRAY_SIZE(chip->active_banks))
+   chip->active_banks[i] = TPM2_ALG_ERROR;
 
tpm_buf_destroy();
 
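Review bot: The new check only proves that the size_of_select byte (marker + offsetof(struct tpm2_pcr_selection, size_of_select)) lies before `end`, yet the memcpy() that follows copies sizeof(pcr_selection) bytes from marker, so for the last entry the copy can still read past resp_len. size_of_select is then used to advance marker without being compared with the size of pcr_select. Check the fixed part of the entry against `end`, take hash_alg and size_of_select from it, then verify that size_of_select is in range and that the whole entry ends at or before `end` before moving on.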
-- 
2.5.0




[tpmdd-devel] [PATCH] tpm: fix TPM error handling in tpm2_get_pcr_allocation

2017-01-26 Thread Nayna Jain
Fixes: 75768b4(tpm: enhance TPM 2.0 PCR extend to support
multiple banks)

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm2-cmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 4aad84c..fa52309 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -1022,7 +1022,7 @@ static ssize_t tpm2_get_pcr_allocation(struct tpm_chip 
*chip)
 
rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 9, 0,
  "get tpm pcr allocation");
-   if (rc < 0)
+   if (rc)
goto out;
 
count = be32_to_cpup(
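Review bot: The commit message consists only of the Fixes: tag, so the reason for changing `if (rc < 0)` to `if (rc)` after tpm_transmit_cmd() has to be guessed. Add a sentence naming the case the old test missed (presumably a positive TPM return code) and stating that the function then went on to parse a failed response, and note that tpm2_get_pcr_allocation() can now hand a positive value back to its caller.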
-- 
2.5.0




[tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2017-01-22 Thread Nayna Jain
Unlike the device driver support for TPM 1.2, the TPM 2.0 does
not support the securityfs pseudo files for displaying the
firmware event log.

This patch enables support for providing the TPM 2.0 event log in
binary form. TPM 2.0 event log supports a crypto agile format that
records multiple digests, which is different from TPM 1.2. This
patch enables the tpm_bios_log_setup for TPM 2.0 and adds the
event log parser which understands the TPM 2.0 crypto agile format.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c   | 203 +
 drivers/char/tpm/tpm_acpi.c|   3 +
 drivers/char/tpm/tpm_eventlog.h|  59 ++
 5 files changed, 287 insertions(+), 15 deletions(-)
 rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a05b1eb..3d386a8 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o
+   tpm1_eventlog.o tpm2_eventlog.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm1_eventlog.c
similarity index 95%
rename from drivers/char/tpm/tpm_eventlog.c
rename to drivers/char/tpm/tpm1_eventlog.c
index 11bb113..9a8605e 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm1_eventlog.c
@@ -390,9 +390,6 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
unsigned int cnt;
int rc = 0;
 
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return 0;
-
rc = tpm_read_log(chip);
if (rc)
return rc;
@@ -407,7 +404,13 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
cnt++;
 
chip->bin_log_seqops.chip = chip;
-   chip->bin_log_seqops.seqops = _binary_b_measurements_seqops;
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+   else
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+
 
chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
@@ -418,17 +421,21 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
goto err;
cnt++;
 
-   chip->ascii_log_seqops.chip = chip;
-   chip->ascii_log_seqops.seqops = _ascii_b_measurements_seqops;
+   if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
 
-   chip->bios_dir[cnt] =
-   securityfs_create_file("ascii_bios_measurements",
-  0440, chip->bios_dir[0],
-  (void *)>ascii_log_seqops,
-  _bios_measurements_ops);
-   if (IS_ERR(chip->bios_dir[cnt]))
-   goto err;
-   cnt++;
+   chip->ascii_log_seqops.chip = chip;
+   chip->ascii_log_seqops.seqops =
+   _ascii_b_measurements_seqops;
+
+   chip->bios_dir[cnt] =
+   securityfs_create_file("ascii_bios_measurements",
+  0440, chip->bios_dir[0],
+  (void *)>ascii_log_seqops,
+  _bios_measurements_ops);
+   if (IS_ERR(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
+   }
 
return 0;
 
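Review bot: The new `if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {` block in tpm_bios_log_setup() starts with an empty line right after the opening brace; drop it. A one-line comment saying that ascii_bios_measurements is only created for TPM 1.2 would explain why the block is conditional, since the binary file above it is now created for both families.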
diff --git a/drivers/char/tpm/tpm2_eventlog.c b/drivers/char/tpm/tpm2_eventlog.c
new file mode 100644
index 000..513897c
--- /dev/null
+++ b/drivers/char/tpm/tpm2_eventlog.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2016 IBM Corporation
+ *
+ * Authors:
+ *  Nayna Jain <na...@linux.vnet.ibm.com>
+ *
+ * Access to TPM 2.0 event log as written by Firmware.
+ * It assumes that writer of event log has followed TCG Specification
+ * for Family "2.0" and written the event data in little endian.
+ * With that, it doesn't need any endian conversion for structure
+ * content.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "tpm.h"
+#include "tpm_eventlog.h"
+
+/*
+ * ca
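Review bot: The header comment of tpm2_eventlog.c says that because the log is written in little endian "it doesn't need any endian conversion for structure content". That only holds when the kernel itself runs little endian; on a big-endian kernel every multi-byte field of the log has to go through le16_to_cpu()/le32_to_cpu(). Either use those accessors in the parser or state the little-endian-host restriction explicitly in the comment.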

[tpmdd-devel] [PATCH v9 1/2] tpm: enhance read_log_of() to support Physical TPM event log

2017-01-22 Thread Nayna Jain
Physical TPMs use Open Firmware Device Tree bindings that are similar
to the IBM Power virtual TPM to support event log. However, these
properties store the values in different endianness for Physical
and Virtual TPM.

This patch fixes the endianness issue by doing appropriate conversion
based on Physical or Virtual TPM.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm_of.c | 27 +++
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 7dee42d7..de57d4a 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -27,6 +27,8 @@ int tpm_read_log_of(struct tpm_chip *chip)
const u32 *sizep;
const u64 *basep;
struct tpm_bios_log *log;
+   u32 size;
+   u64 base;
 
log = >log;
if (chip->dev.parent && chip->dev.parent->of_node)
@@ -41,18 +43,35 @@ int tpm_read_log_of(struct tpm_chip *chip)
if (sizep == NULL || basep == NULL)
return -EIO;
 
-   if (*sizep == 0) {
+   /*
+* For both vtpm/tpm, firmware has log addr and log size in big
+* endian format. But in case of vtpm, there is a method called
+* sml-handover which is run during kernel init even before
+* device tree is setup. This sml-handover function takes care
+* of endianness and writes to sml-base and sml-size in little
+* endian format. For this reason, vtpm doesn't need conversion
+* but physical tpm needs the conversion.
+*/
+   if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0) {
+   size = be32_to_cpup(sizep);
+   base = be64_to_cpup(basep);
+   } else {
+   size = *sizep;
+   base = *basep;
+   }
+
+   if (size == 0) {
dev_warn(>dev, "%s: Event log area empty\n", __func__);
return -EIO;
}
 
-   log->bios_event_log = kmalloc(*sizep, GFP_KERNEL);
+   log->bios_event_log = kmalloc(size, GFP_KERNEL);
if (!log->bios_event_log)
return -ENOMEM;
 
-   log->bios_event_log_end = log->bios_event_log + *sizep;
+   log->bios_event_log_end = log->bios_event_log + size;
 
-   memcpy(log->bios_event_log, __va(*basep), *sizep);
+   memcpy(log->bios_event_log, __va(base), size);
 
return 0;
 }
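Review bot: `size` and `base` in tpm_read_log_of() come straight from the device-tree properties and are only checked for `size == 0` before being passed to kmalloc(size, GFP_KERNEL) and memcpy(log->bios_event_log, __va(base), size). Add an upper bound on size and a sanity check on base, so that a wrong or wrongly byte-swapped property ends in an error return instead of a huge allocation or a copy from an unintended address. The vtpm test relies on of_property_match_string() returning a negative value for physical TPMs; a short comment at the `if` would make that reading obvious.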
-- 
2.5.0




[tpmdd-devel] [PATCH v9 0/2] securityfs support for TPM 2.0 firmware event log

2017-01-22 Thread Nayna Jain
The TPM device driver defines ascii and binary methods for
displaying the TPM 1.2 event log via securityfs files, which are
needed for validating a TPM quote. The device driver for TPM 2.0
does not have similar support for displaying the TPM 2.0
event log. This patch set adds the support for displaying
TPM 2.0 event log in binary format.

The parsing mechanism to display the TPM 2.0 event log in binary
format is implemented as defined in the TPM 2.0 TCG specification[1].
If the firmware event log support exists and is successfully read,
the securityfs file is created to provide the event log in binary
format for both the OF device tree and ACPI.

   - Patch 1 adds the device tree bindings support for Physical TPM.
   - Patch 2 adds the support for creating securityfs files and for
 displaying the TPM 2.0 crypto agile event log in binary format.

[1] TCG EFI Protocol Specification, Family "2.0" - Section 5 "Event
Log Structure"

Changelog History

v9:
- Rebased to the Jarkko's latest master branch (9b7f425 tpm: Check size of 
  response before accessing data)
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log" 
  - Renamed struct tpmt_ha to struct tpm2_hash.
  - Removed struct tpml_digest_values.

v8:
- Rebased to the Jarkko's latest master branch (8e25809 tpm:
  Do not print an error message when doing TPM auto startup)
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log" 
  - Added feedback from Jarkko
- tpm_read_log_acpi() returns -ENODEV for TPM 2.0.
- Fixed code formatting and comments.

v7:
- Rebased to the Jarkko's latest master branch (b2505f6 tpm/vtpm:
  fix kdoc warnings)
- Included Jarkko's feedback on version v6.
- Cleaned up #defines in tpm2_eventlog.c
  - renamed HASH_COUNT to TPM2_ACTIVE_PCR_BANKS
  - deleted MAX_DIGEST_SIZE, used SHA384_DIGEST_SIZE directly from 
  
  - deleted MAX_TPM_LOG_MSG. Redefined event[MAX_TPM_LOG_MSG]
  as event[0].

v6:

- Rebased to the Jarkko's latest master branch (e717b5c:tpm: vtpm_proxy: 
  conditionally call tpm_chip_unregister)
- Retained securityfs setup functions in tpm_eventlog.c
- Renamed tpm_eventlog.c to tpm1_eventlog.c
- Fixed tpm_read_log_of() for NULL check and memcpy function.

v5:

- Upstreamed cleanup and fixes as different patchset
- Rebased to the Jarkko's latest master branch (e5be084 tpm: vtpm_proxy:
  Do not access host's event log)
- Patch "tpm: enhance read_log_of() to support Physical TPM event log"
  - New Patch.
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
  - Moved the changes in read_log_of() to a different patch
  - TPM 2.0 event log data types are declared in tpm_eventlog.h, tpm2.h
  is removed.
  - Included other feedback also from Jarkko on alignment and extra
line

v4:

- Includes feedback from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
  struct dentry array".
  - Continue to use bios_dir_count variable to use is_bad() checks and
to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the eventlog access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a
  new member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to this
patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
  - Uses chip->dev.parent->of_node.
  - Created separate patch for cleanup of pr_err messages.
- Patch "tpm: remove printk error messages".
  - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 eventlog".
  - Parses event digests using event alg_id rather than event log header
alg_id.
  - Uses of_property_match_string to differentiate tpm/vtpm compatible

v3:

- Includes the review feedback as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Nayna Jain (2):
  tp

[tpmdd-devel] [PATCH v6 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

2017-01-20 Thread Nayna Jain
The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.

The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest.  To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.

This patch reuses the defined digest sizes from the crypto subsystem,
adding a dependency on CRYPTO_HASH_INFO module.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/Kconfig |  1 +
 drivers/char/tpm/tpm-interface.c | 15 ++-
 drivers/char/tpm/tpm.h   |  3 +-
 drivers/char/tpm/tpm2-cmd.c  | 91 +---
 drivers/char/tpm/tpm_eventlog.h  |  7 
 5 files changed, 73 insertions(+), 44 deletions(-)

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 277186d..af985cc 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -6,6 +6,7 @@ menuconfig TCG_TPM
tristate "TPM Hardware Support"
depends on HAS_IOMEM
select SECURITYFS
+   select CRYPTO_HASH_INFO
---help---
  If you have a TPM security chip in your system, which
  implements the Trusted Computing Group's specification,
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index a3461cb..cf959c3 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -772,13 +772,26 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 
*hash)
struct tpm_cmd_t cmd;
int rc;
struct tpm_chip *chip;
+   int max_active_banks = ARRAY_SIZE(chip->active_banks);
+   struct tpm2_digest digest_list[max_active_banks];
+   u32 count = 0;
+   int i;
 
chip = tpm_chip_find_get(chip_num);
if (chip == NULL)
return -ENODEV;
 
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
-   rc = tpm2_pcr_extend(chip, pcr_idx, hash);
+   memset(digest_list, 0, sizeof(digest_list));
+
+   for (i = 0; (chip->active_banks[i] != TPM2_ALG_ERROR) &&
+(i < max_active_banks); i++) {
+   digest_list[i].alg_id = chip->active_banks[i];
+   memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE);
+   count++;
+   }
+
+   rc = tpm2_pcr_extend(chip, pcr_idx, count, digest_list);
tpm_put_ops(chip);
return rc;
}
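
Review bot: In the loop added to tpm_pcr_extend(), the condition tests `chip->active_banks[i] != TPM2_ALG_ERROR` before `i < max_active_banks`, so when every slot of active_banks is in use (patch 1/2 stores the terminator only when count is below the array size) the array is read one element past its end before the bound is checked. Put the `i < max_active_banks` test first. Separately, `digest_list[max_active_banks]` is sized by an int variable, which makes it a variable-length array on the kernel stack; sizing it with `ARRAY_SIZE(chip->active_banks)` directly keeps it a fixed-size array.
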
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index c291f19..07a0677 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -534,7 +534,8 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
 #endif
 
 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
+int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
+   struct tpm2_digest *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
 int tpm2_seal_trusted(struct tpm_chip *chip,
  struct trusted_key_payload *payload,
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 0e000a3..d78adb8 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -53,22 +53,6 @@ struct tpm2_pcr_read_out {
u8  digest[TPM_DIGEST_SIZE];
 } __packed;
 
-struct tpm2_null_auth_area {
-   __be32  handle;
-   __be16  nonce_size;
-   u8  attributes;
-   __be16  auth_size;
-} __packed;
-
-struct tpm2_pcr_extend_in {
-   __be32  pcr_idx;
-   __be32  auth_area_size;
-   struct tpm2_null_auth_area  auth_area;
-   __be32  digest_cnt;
-   __be16  hash_alg;
-   u8  digest[TPM_DIGEST_SIZE];
-} __packed;
-
 struct tpm2_get_tpm_pt_in {
__be32  cap_id;
__be32  property_id;
@@ -97,7 +81,6 @@ union tpm2_cmd_params {
struct  tpm2_self_test_in   selftest_in;
struct  tpm2_pcr_read_inpcrread_in;
struct  tpm2_pcr_read_out   pcrread_out;
-   struct  tpm2_pcr_extend_in  pcrextend_in;
struct  tpm2_get_tpm_pt_in  get_tpm_pt_in;
struct  tpm2_get_tpm_pt_out get_tpm_pt_out;
struct  tpm2_get_random_in  getrandom_in;
@@ -290,46 +273,68 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 
*res_buf)
return rc;

[tpmdd-devel] [PATCH v6 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

2017-01-20 Thread Nayna Jain
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm.h  |  5 
 drivers/char/tpm/tpm2-cmd.c | 59 +
 2 files changed, 64 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1ae9768..c291f19 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -97,6 +97,7 @@ enum tpm2_return_codes {
 };
 
 enum tpm2_algorithms {
+   TPM2_ALG_ERROR  = 0x,
TPM2_ALG_SHA1   = 0x0004,
TPM2_ALG_KEYEDHASH  = 0x0008,
TPM2_ALG_SHA256 = 0x000B,
@@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+   TPM2_CAP_PCRS   = 5,
TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +189,8 @@ struct tpm_chip {
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
+
+   u16 active_banks[7];
 #ifdef CONFIG_ACPI
acpi_handle acpi_dev_handle;
char ppi_version[TPM_PPI_VERSION_LEN + 1];
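
Review bot: The bare `7` in `u16 active_banks[7];` added to struct tpm_chip has no name or comment saying where the limit comes from, or that a shorter list is terminated by TPM2_ALG_ERROR. A named constant plus a one-line comment on the field would document both, since tpm2_get_pcr_allocation() and the extend loop in patch 2/2 depend on that convention.
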
@@ -545,4 +549,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6eda239..0e000a3 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -998,3 +998,62 @@ int tpm2_auto_startup(struct tpm_chip *chip)
rc = -ENODEV;
return rc;
 }
+
+struct tpm2_pcr_selection {
+   __be16  hash_alg;
+   u8  size_of_select;
+   u8  pcr_select[3];
+} __packed;
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+   struct tpm2_pcr_selection pcr_selection;
+   struct tpm_buf buf;
+   void *marker;
+   unsigned int count = 0;
+   int rc;
+   int i;
+
+   rc = tpm_buf_init(, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
+   if (rc)
+   return rc;
+
+   tpm_buf_append_u32(, TPM2_CAP_PCRS);
+   tpm_buf_append_u32(, 0);
+   tpm_buf_append_u32(, 1);
+
+   rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0,
+ "get tpm pcr allocation");
+   if (rc < 0)
+   goto out;
+
+   count = be32_to_cpup(
+   (__be32 *)[TPM_HEADER_SIZE + 5]);
+
+   if (count > ARRAY_SIZE(chip->active_banks)) {
+   rc = -ENODEV;
+   goto out;
+   }
+
+   marker = [TPM_HEADER_SIZE + 9];
+   for (i = 0; i < count; i++) {
+   memcpy(_selection, marker, sizeof(pcr_selection));
+   chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+   marker = marker + sizeof(struct tpm2_pcr_selection);
+   }
+
+out:
+   if (count < ARRAY_SIZE(chip->active_banks))
+   chip->active_banks[count] = TPM2_ALG_ERROR;
+
+   tpm_buf_destroy();
+
+   return rc;
+}
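
Review bot: In the parsing loop of tpm2_get_pcr_allocation(), `marker` advances by `sizeof(struct tpm2_pcr_selection)`, which hard-codes a 3-byte `pcr_select`, while `size_of_select` is copied from the response and never checked. If the TPM reports a different select size, every following `hash_alg` is read from the wrong offset. Either reject entries whose `size_of_select` is not 3 or step by the reported size, and check the walk against the length of the response. The offsets `TPM_HEADER_SIZE + 5` and `TPM_HEADER_SIZE + 9` also deserve a comment or named constants.
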
-- 
2.5.0




[tpmdd-devel] [PATCH v5 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-19 Thread Nayna Jain
IMA extends its hash measurements in the TPM PCRs, based on policy.
The existing in-kernel TPM extend function extends only the SHA1
PCR bank. TPM 2.0 defines multiple PCR banks, to support different
hash algorithms. The TCG TPM 2.0 Specification[1] recommends
extending all active PCR banks to prevent malicious users from
setting unused PCR banks with fake measurements and quoting them.
This patch set adds support for extending all active PCR banks,
as recommended.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
interface to support extending multiple PCR banks. The existing
tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
extend all active PCR banks with differing digest sizes for TPM 2.0,
the SHA1 digest is padded with 0's as needed.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Changelog v5:
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
 - Included Jarkko's feedback
   - Moved variable declaration to start of function in
   tpm_pcr_extend()


Changelog v4:
- Updated cover letter as per Mimi's feedback.
- Rebased to Jarkko's latest master branch (4064b6b tpm_tis: use
  default timeout value if chip reports it as zero)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
 - Included Jarkko's feedback
   - Moved call to tpm2_get_pcr_allocation to Patch 2
   - Renamed struct tpm2_tpms_pcr_selection to struct tpm2_pcr_selection 
   and moved the struct to before tpm2_get_pcr_allocation()
   - Fixed code formatting
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Included Jarkko's feedback
   - Updated commit msg to mention dependency on CRYPTO_HASH_INFO
   - Renamed struct tpmt_hash to struct tpm2_digest 
   - Removed struct tpml_digest_values, tpm2_pcr_extend() now accepts
   count and digests list as two separate arguments. Added check for
   count of hashes passed.
 - Cleaned up struct tpm2_pcr_extend_in as not required anymore with
 use of tpm_buf
 - Moved struct tpm2_null_auth_area just before tpm2_pcr_extend() as
 it is the only function using it for now.
 - Fixed code formatting

Changelog v3:
- Rebased to Jarkko's latest master branch (8e25809 tpm:
  Do not print an error message when doing TPM auto startup)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - Included Jarkko's feedback
 - Removed getcap_in, getcap_out and used tpm_buf for getting
 capability.
 - Used ARRAY_SIZE in place of TPM_MAX_PCR_BANKS and included
 other feedback.
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Fixed kbuild errors
   - Fixed buf.data uninitialized warning.
   - Added TCG_TPM dependency on CONFIG_CRYPTO_HASH_INFO in Kconfig.

Changelog v2:

- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - defined structs definition in tpm2-cmd.c.
  - no_of_active_banks field is removed. Instead, constant
  TPM2_MAX_PCR_BANKS is defined.
  - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
  - removed generic function tpm2_get_capability().

- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Removed tpm2.h, and defined structs common for extend and event log
  in tpm_eventlog.h
 - uses tpm_buf in tpm2_pcr_extend().

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/Kconfig |   1 +
 drivers/char/tpm/tpm-interface.c |  15 +++-
 drivers/char/tpm/tpm.h   |   7 +-
 drivers/char/tpm/tpm2-cmd.c  | 148 ---
 drivers/char/tpm/tpm_eventlog.h  |   7 ++
 5 files changed, 134 insertions(+), 44 deletions(-)

-- 
2.5.0
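
An added example, not code from the patch set: a stand-alone user-space C parser for the TPM2_CAP_PCRS capability response that the first patch reads, using the same offsets (header + 5 for the count, header + 9 for the first selection) but bounds-checking every step and following the reported select size. The response bytes are constructed, and `parse_pcr_allocation()`, `parse_sample()`, `demo_banks` and the choice to skip banks with an empty PCR bitmap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_HEADER_SIZE 10	/* tag(2) + size(4) + return code(4) */
#define TPM2_CAP_PCRS   5
#define MAX_BANKS       7	/* same bound as active_banks[7] in the patch */

static uint16_t be16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Parse the response to TPM2_GetCapability(TPM2_CAP_PCRS).
 * Stores the hash algorithm of every bank with at least one PCR allocated
 * and returns how many were stored, or -1 if the response is an error,
 * truncated, malformed, or lists more such banks than max_banks.
 */
int parse_pcr_allocation(const uint8_t *rsp, size_t len,
			 uint16_t *banks, size_t max_banks)
{
	size_t off = TPM_HEADER_SIZE + 1;	/* skip header and moreData */
	uint32_t count, i;
	size_t n = 0;

	/* header + moreData(1) + capability(4) + count(4) must be present */
	if (len < TPM_HEADER_SIZE + 9)
		return -1;
	if (be32(rsp + 2) != len)	/* declared size vs. bytes received */
		return -1;
	if (be32(rsp + 6) != 0)		/* TPM return code: parse success only */
		return -1;
	if (be32(rsp + off) != TPM2_CAP_PCRS)
		return -1;
	count = be32(rsp + off + 4);	/* header + 5, as in the patch */
	off += 8;			/* header + 9: first selection */

	for (i = 0; i < count; i++) {
		uint8_t size_of_select, allocated = 0, j;
		uint16_t alg;

		if (len - off < 3)	/* hash(2) + sizeofSelect(1) */
			return -1;
		alg = be16(rsp + off);
		size_of_select = rsp[off + 2];
		off += 3;
		if (len - off < size_of_select)
			return -1;
		for (j = 0; j < size_of_select; j++)
			allocated |= rsp[off + j];
		off += size_of_select;	/* stride follows the wire value */

		if (!allocated)		/* assumption: empty bank is inactive */
			continue;
		if (n >= max_banks)
			return -1;
		banks[n++] = alg;
	}
	return (int)n;
}

/* Constructed sample response (38 bytes), not captured from a real TPM. */
static const uint8_t sample_rsp[] = {
	0x80, 0x01,				/* tag: TPM2_ST_NO_SESSIONS */
	0x00, 0x00, 0x00, 0x26,			/* response size: 38 */
	0x00, 0x00, 0x00, 0x00,			/* return code: success */
	0x00,					/* moreData: no */
	0x00, 0x00, 0x00, 0x05,			/* capability: TPM2_CAP_PCRS */
	0x00, 0x00, 0x00, 0x03,			/* count: 3 selections */
	0x00, 0x0B, 0x04, 0xFF, 0xFF, 0xFF, 0x00, /* SHA256, 4-byte select */
	0x00, 0x0C, 0x03, 0x00, 0x00, 0x00,	/* SHA384, no PCRs allocated */
	0x00, 0x04, 0x03, 0xFF, 0xFF, 0xFF,	/* SHA1, 3-byte select */
};

static uint16_t demo_banks[MAX_BANKS];

/* Parse the first len bytes of the constructed sample into demo_banks. */
int parse_sample(size_t len)
{
	return parse_pcr_allocation(sample_rsp, len, demo_banks, MAX_BANKS);
}

int main(void)
{
	int i, n = parse_sample(sizeof(sample_rsp));

	for (i = 0; i < n; i++)
		printf("active bank %d: alg 0x%04X\n", i, (unsigned)demo_banks[i]);
	return n < 0;
}
```

With a fixed 6-byte stride the 4-byte select of the first entry would shift every later `hash_alg` by one byte, which is why the walk uses `size_of_select` from the response.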




[tpmdd-devel] [PATCH v4 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

2017-01-18 Thread Nayna Jain
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h  |  4 
 drivers/char/tpm/tpm2-cmd.c | 57 +
 2 files changed, 61 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1ae9768..573 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -127,6 +127,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+   TPM2_CAP_PCRS   = 5,
TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +188,8 @@ struct tpm_chip {
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
+
+   u16 active_banks[7];
 #ifdef CONFIG_ACPI
acpi_handle acpi_dev_handle;
char ppi_version[TPM_PPI_VERSION_LEN + 1];
@@ -545,4 +548,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6eda239..75a7546 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -998,3 +998,60 @@ int tpm2_auto_startup(struct tpm_chip *chip)
rc = -ENODEV;
return rc;
 }
+
+struct tpm2_pcr_selection {
+   __be16  hash_alg;
+   u8  size_of_select;
+   u8  pcr_select[3];
+} __packed;
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+   struct tpm2_pcr_selection pcr_selection;
+   struct tpm_buf buf;
+   void *marker;
+   unsigned int count = 0;
+   int rc;
+   int i;
+
+   rc = tpm_buf_init(, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
+   if (rc)
+   return rc;
+
+   tpm_buf_append_u32(, TPM2_CAP_PCRS);
+   tpm_buf_append_u32(, 0);
+   tpm_buf_append_u32(, 1);
+
+   rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0,
+ "get tpm pcr allocation");
+   if (rc < 0)
+   goto out;
+
+   count = be32_to_cpup(
+   (__be32 *)[TPM_HEADER_SIZE + 5]);
+
+   if (count > ARRAY_SIZE(chip->active_banks))
+   return -ENODEV;
+
+   marker = [TPM_HEADER_SIZE + 9];
+   for (i = 0; i < count; i++) {
+   memcpy(_selection, marker, sizeof(pcr_selection));
+   chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+   marker = marker + sizeof(struct tpm2_pcr_selection);
+   }
+
+out:
+   if (count < ARRAY_SIZE(chip->active_banks))
+   chip->active_banks[count] = 0;
+
+   tpm_buf_destroy();
+
+   return rc;
+}
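
Review bot: The `return -ENODEV;` taken when `count > ARRAY_SIZE(chip->active_banks)` leaves tpm2_get_pcr_allocation() after tpm_buf_init() has succeeded without reaching `tpm_buf_destroy()` at `out:`, so the buffer is leaked on that path. Set `rc = -ENODEV;` and `goto out;` instead. The terminator written at `out:` is a literal `0`; a named value would make the convention easier to follow for readers of the extend loop.
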
-- 
2.5.0




[tpmdd-devel] [PATCH v4 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-18 Thread Nayna Jain
IMA extends its hash measurements in the TPM PCRs, based on policy.
The existing in-kernel TPM extend function extends only the SHA1
PCR bank. TPM 2.0 defines multiple PCR banks, to support different
hash algorithms. The TCG TPM 2.0 Specification[1] recommends
extending all active PCR banks to prevent malicious users from
setting unused PCR banks with fake measurements and quoting them.
This patch set adds support for extending all active PCR banks,
as recommended.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
interface to support extending multiple PCR banks. The existing
tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
extend all active PCR banks with differing digest sizes for TPM 2.0,
the SHA1 digest is padded with 0's as needed.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Changelog v4:
- Updated cover letter as per Mimi's feedback.
- Rebased to Jarkko's latest master branch (4064b6b tpm_tis: use
  default timeout value if chip reports it as zero)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
 - Included Jarkko's feedback
   - Moved call to tpm2_get_pcr_allocation to Patch 2
   - Renamed struct tpm2_tpms_pcr_selection to struct tpm2_pcr_selection 
   and moved the struct to before tpm2_get_pcr_allocation()
   - Fixed code formatting
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Included Jarkko's feedback
   - Updated commit msg to mention dependency on CRYPTO_HASH_INFO
   - Renamed struct tpmt_hash to struct tpm2_digest 
   - Removed struct tpml_digest_values, tpm2_pcr_extend() now accepts
   count and digests list as two separate arguments. Added check for
   count of hashes passed.
 - Cleaned up struct tpm2_pcr_extend_in as not required anymore with
 use of tpm_buf
 - Moved struct tpm2_null_auth_area just before tpm2_pcr_extend() as
 it is the only function using it for now.
 - Fixed code formatting

Changelog v3:
- Rebased to Jarkko's latest master branch (8e25809 tpm:
  Do not print an error message when doing TPM auto startup)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - Included Jarkko's feedback
 - Removed getcap_in, getcap_out and used tpm_buf for getting
 capability.
 - Used ARRAY_SIZE in place of TPM_MAX_PCR_BANKS and included
 other feedback.
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Fixed kbuild errors
   - Fixed buf.data uninitialized warning.
   - Added TCG_TPM dependency on CONFIG_CRYPTO_HASH_INFO in Kconfig.

Changelog v2:

- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - defined structs definition in tpm2-cmd.c.
  - no_of_active_banks field is removed. Instead, constant
  TPM2_MAX_PCR_BANKS is defined.
  - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
  - removed generic function tpm2_get_capability().

- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Removed tpm2.h, and defined structs common for extend and event log
  in tpm_eventlog.h
 - uses tpm_buf in tpm2_pcr_extend().

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/Kconfig |   1 +
 drivers/char/tpm/tpm-interface.c |  15 +++-
 drivers/char/tpm/tpm.h   |   7 +-
 drivers/char/tpm/tpm2-cmd.c  | 148 ---
 drivers/char/tpm/tpm_eventlog.h  |   7 ++
 5 files changed, 134 insertions(+), 44 deletions(-)

-- 
2.5.0




[tpmdd-devel] [PATCH v3 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

2017-01-12 Thread Nayna Jain
The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.

The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest.  To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Kconfig |  1 +
 drivers/char/tpm/tpm-interface.c | 16 +-
 drivers/char/tpm/tpm.h   |  3 +-
 drivers/char/tpm/tpm2-cmd.c  | 68 +++-
 drivers/char/tpm/tpm_eventlog.h  | 18 +++
 5 files changed, 75 insertions(+), 31 deletions(-)

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 277186d..af985cc 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -6,6 +6,7 @@ menuconfig TCG_TPM
tristate "TPM Hardware Support"
depends on HAS_IOMEM
select SECURITYFS
+   select CRYPTO_HASH_INFO
---help---
  If you have a TPM security chip in your system, which
  implements the Trusted Computing Group's specification,
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index fecdd3f..e037dd2 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -7,6 +7,7 @@
  * Dave Safford <saff...@watson.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -759,6 +760,7 @@ static const struct tpm_input_header pcrextend_header = {
 int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 {
struct tpm_cmd_t cmd;
+   int i;
int rc;
struct tpm_chip *chip;
 
@@ -767,7 +769,19 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 
*hash)
return -ENODEV;
 
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
-   rc = tpm2_pcr_extend(chip, pcr_idx, hash);
+   struct tpml_digest_values d_values;
+
+   memset(_values, 0, sizeof(d_values));
+
+   for (i = 0; (chip->active_banks[i] != 0) &&
+(i < ARRAY_SIZE(chip->active_banks)); i++) {
+   d_values.digests[i].alg_id = chip->active_banks[i];
+   memcpy(d_values.digests[i].digest, hash,
+  TPM_DIGEST_SIZE);
+   d_values.count++;
+   }
+
+   rc = tpm2_pcr_extend(chip, pcr_idx, _values);
tpm_put_ops(chip);
return rc;
}
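
Review bot: The `memcpy(d_values.digests[i].digest, hash, TPM_DIGEST_SIZE)` in the new loop copies only the SHA1-sized digest into every bank and relies on the earlier `memset()` for the trailing zero padding of larger banks, but nothing in the code says so. A short comment stating that non-SHA1 banks are deliberately extended with the zero-padded SHA1 value would help. The loop condition also reads `chip->active_banks[i]` before testing `i < ARRAY_SIZE(chip->active_banks)`; the bound test should come first.
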
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 573..dd82d58 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -533,7 +533,8 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
 #endif
 
 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
+int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
+   struct tpml_digest_values *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
 int tpm2_seal_trusted(struct tpm_chip *chip,
  struct trusted_key_payload *payload,
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 87388921..5027a54 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -64,9 +64,7 @@ struct tpm2_pcr_extend_in {
__be32  pcr_idx;
__be32  auth_area_size;
struct tpm2_null_auth_area  auth_area;
-   __be32  digest_cnt;
-   __be16  hash_alg;
-   u8  digest[TPM_DIGEST_SIZE];
+   struct tpml_digest_values   digests;
 } __packed;
 
 struct tpm2_get_tpm_pt_in {
@@ -296,46 +294,58 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 
*res_buf)
return rc;
 }
 
-#define TPM2_GET_PCREXTEND_IN_SIZE \
-   (sizeof(struct tpm_input_header) + \
-sizeof(struct tpm2_pcr_extend_in))
-
-static const struct tpm_input_header tpm2_pcrextend_header = {
-   .tag = cpu_to_be16(TPM2_ST_SESSIONS),
-   .length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
-   .ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
-};
-
 /**
  * tpm2_pcr_extend() - extend a PCR value
  *
  * @chip:  TPM chip to use.
  * @pcr_idx:   index of the PCR.
- * @hash:  hash value to use for the extend operation.
+ * @digests:   list of pcr banks and corresponding hash values to be extend

[tpmdd-devel] [PATCH v3 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-12 Thread Nayna Jain
IMA extends its hash measurements in the TPM PCRs, based on policy.
The existing in-kernel TPM extend function extends only the SHA1
PCR bank. TPM 2.0 defines multiple PCR banks, to support different
hash algorithms. The TCG TPM 2.0 Specification[1] recommends
extending all active PCR banks to prevent malicious users from
setting unused PCR banks with fake measurements and quoting them.
This patch set adds support for extending all active PCR banks,
as recommended.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
interface to support extending multiple PCR banks. The existing
tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
extend all active PCR banks with differing digest sizes for TPM 2.0,
the SHA1 digest is padded with 0's as needed.

This approach is taken to maintain backwards compatibility for IMA
in order to continue working with both TPM 1.2 and TPM 2.0 without
any changes and still comply with TCG TPM 2.0 Specification[1].

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Changelog v3:
- Rebased to Jarkko's latest master branch (8e25809 tpm:
  Do not print an error message when doing TPM auto startup)
- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - Included Jarkko's feedback
 - Removed getcap_in, getcap_out and used tpm_buf for getting
 capability.
 - Used ARRAY_SIZE in place of TPM_MAX_PCR_BANKS and included
 other feedback.
- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Fixed kbuild errors
   - Fixed buf.data uninitialized warning.
   - Added TCG_TPM dependency on CONFIG_CRYPTO_HASH_INFO in Kconfig.

Changelog v2:

- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - defined structs definition in tpm2-cmd.c.
  - no_of_active_banks field is removed. Instead, constant
  TPM2_MAX_PCR_BANKS is defined.
  - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
  - removed generic function tpm2_get_capability().

- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Removed tpm2.h, and defined structs common for extend and event log
  in tpm_eventlog.h
 - uses tpm_buf in tpm2_pcr_extend().

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/Kconfig |   1 +
 drivers/char/tpm/tpm-interface.c |  16 -
 drivers/char/tpm/tpm.h   |   7 ++-
 drivers/char/tpm/tpm2-cmd.c  | 127 ++-
 drivers/char/tpm/tpm_eventlog.h  |  18 ++
 5 files changed, 138 insertions(+), 31 deletions(-)

-- 
2.5.0




[tpmdd-devel] [PATCH v3 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

2017-01-12 Thread Nayna Jain
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h  |  4 +++
 drivers/char/tpm/tpm2-cmd.c | 59 +
 2 files changed, 63 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1ae9768..573 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -127,6 +127,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+   TPM2_CAP_PCRS   = 5,
TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +188,8 @@ struct tpm_chip {
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
+
+   u16 active_banks[7];
 #ifdef CONFIG_ACPI
acpi_handle acpi_dev_handle;
char ppi_version[TPM_PPI_VERSION_LEN + 1];
@@ -545,4 +548,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6eda239..87388921 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -83,6 +83,12 @@ struct tpm2_get_tpm_pt_out {
__be32  value;
 } __packed;
 
+struct tpm2_tpms_pcr_selection {
+   __be16  hash_alg;
+   u8  size_of_select;
+   u8  pcr_select[3];
+} __packed;
+
 struct tpm2_get_random_in {
__be16  size;
 } __packed;
@@ -993,8 +999,61 @@ int tpm2_auto_startup(struct tpm_chip *chip)
}
}
 
+   rc = tpm2_get_pcr_allocation(chip);
+
 out:
if (rc > 0)
rc = -ENODEV;
return rc;
 }
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+   struct tpm2_tpms_pcr_selection pcr_selection;
+   struct tpm_buf buf;
+   void *marker;
+   unsigned int count = 0;
+   int rc;
+   int i;
+
+   rc = tpm_buf_init(, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
+   if (rc)
+   return rc;
+
+   tpm_buf_append_u32(, TPM2_CAP_PCRS);
+   tpm_buf_append_u32(, 0);
+   tpm_buf_append_u32(, 1);
+
+   rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0,
+ "get tpm pcr allocation");
+   if (rc < 0)
+   goto out;
+
+   count = be32_to_cpup(
+   (__be32 *) [TPM_HEADER_SIZE + 5]);
+
+   if (count > ARRAY_SIZE(chip->active_banks))
+   return -ENODEV;
+
+   marker = [TPM_HEADER_SIZE + 9];
+   for (i = 0; i < count; i++) {
+   memcpy(_selection, marker, sizeof(pcr_selection));
+   chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+   marker = marker + sizeof(struct tpm2_tpms_pcr_selection);
+   }
+
+out:
+   if (count < ARRAY_SIZE(chip->active_banks))
+   chip->active_banks[count] = 0;
+
+   tpm_buf_destroy();
+
+   return rc;
+}
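
Review bot: After `tpm_transmit_cmd()` in tpm2_get_pcr_allocation(), only `rc < 0` jumps to `out:`, so a positive TPM return code falls through and the response body is parsed as if the command had succeeded; the `if (rc > 0)` check in tpm2_auto_startup() in this same hunk shows positive values are expected. Test `if (rc)` before reading `count`, so that active_banks is only filled from a successful response.
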
-- 
2.5.0




[tpmdd-devel] [PATCH v8 0/2] securityfs support for TPM 2.0 firmware event log

2017-01-10 Thread Nayna Jain
The TPM device driver defines ascii and binary methods for
displaying the TPM 1.2 event log via securityfs files, which are
needed for validating a TPM quote. The device driver for TPM 2.0
does not have similar support for displaying the TPM 2.0
event log. This patch set adds the support for displaying
TPM 2.0 event log in binary format.

The parsing mechanism to display the TPM 2.0 event log in binary
format is implemented as defined in the TPM 2.0 TCG specification[1].
If the firmware event log support exists and is successfully read,
the securityfs file is created to provide the event log in binary
format for both the OF device tree and ACPI.

   - Patch 1 adds the device tree bindings support for Physical TPM.
   - Patch 2 adds the support for creating securityfs files and for
 displaying the TPM 2.0 crypto agile event log in binary format.

[1] TCG EFI Protocol Specification, Family "2.0" - Section 5 "Event
Log Structure"

Changelog History

v8:
- Rebased to Jarkko's latest master branch (8e25809 tpm:
  Do not print an error message when doing TPM auto startup)
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
  - Added feedback from Jarkko
- tpm_read_log_acpi() returns -ENODEV for TPM 2.0.
- Fixed code formatting and comments.

v7:
- Rebased to the Jarkko's latest master branch (b2505f6 tpm/vtpm:
  fix kdoc warnings)
- Included Jarkko's feedbacks on version v6.
- Cleaned up #defines in tpm2_eventlog.c
  - renamed HASH_COUNT to TPM2_ACTIVE_PCR_BANKS
  - deleted MAX_DIGEST_SIZE, used SHA384_DIGEST_SIZE directly from 
  
  - deleted MAX_TPM_LOG_MSG. Redefined event[MAX_TPM_LOG_MSG]
  as event[0].

v6:

- Rebased to the Jarkko's latest master branch (e717b5c:tpm: vtpm_proxy: 
  conditionally call tpm_chip_unregister)
- Retained securityfs setup functions in tpm_eventlog.c
- Renamed tpm_eventlog.c to tpm1_eventlog.c
- Fixed tpm_read_log_of() for NULL check and memcpy function.

v5:

- Upstreamed cleanup and fixes as different patchset
- Rebased to the Jarkko's latest master branch (e5be084 tpm: vtpm_proxy:
  Do not access host's event log)
- Patch "tpm: enhance read_log_of() to support Physical TPM event log"
  - New Patch.
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
  - Moved the changes in read_log_of() to a different patch
  - TPM 2.0 event log data types are declared in tpm_eventlog.h, tpm2.h
  is removed.
  - Included other feedbacks also from Jarkko on alignment and extra
line

v4:

- Includes feedbacks from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
  struct dentry array".
  - Continue to use bios_dir_count variable to use is_bad() checks and
to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the eventlog access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a
  new member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to this
patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
  - Uses chip->dev.parent->of_node.
  - Created separate patch for cleanup of pr_err messages.
- Patch "tpm: remove printk error messages".
  - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 eventlog".
  - Parses event digests using event alg_id rather than event log header
alg_id.
  - Uses of_property_match_string to differentiate tpm/vtpm compatible

v3:

- Includes the review feedbacks as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Nayna Jain (2):
  tpm: enhance read_log_of() to support Physical TPM event log
  tpm: add securityfs support for TPM 2.0 firmware event log

 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c

[tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2017-01-10 Thread Nayna Jain
Unlike the device driver support for TPM 1.2, the TPM 2.0 does
not support the securityfs pseudo files for displaying the
firmware event log.

This patch enables support for providing the TPM 2.0 event log in
binary form. TPM 2.0 event log supports a crypto agile format that
records multiple digests, which is different from TPM 1.2. This
patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
event log parser which understands the TPM 2.0 crypto agile format.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c   | 203 +
 drivers/char/tpm/tpm_acpi.c|   3 +
 drivers/char/tpm/tpm_eventlog.h|  63 +++
 5 files changed, 291 insertions(+), 15 deletions(-)
 rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a05b1eb..3d386a8 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o
+   tpm1_eventlog.o tpm2_eventlog.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm1_eventlog.c
similarity index 95%
rename from drivers/char/tpm/tpm_eventlog.c
rename to drivers/char/tpm/tpm1_eventlog.c
index 11bb113..9a8605e 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm1_eventlog.c
@@ -390,9 +390,6 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
unsigned int cnt;
int rc = 0;
 
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return 0;
-
rc = tpm_read_log(chip);
if (rc)
return rc;
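Review bot: with the TPM_CHIP_FLAG_TPM2 early return removed, the "if (rc) return rc;" after tpm_read_log() now also decides the outcome for TPM 2.0 chips, where this function used to return 0 unconditionally. Please state in the commit message what callers are expected to do with a non-zero return on a TPM 2.0 system that has no firmware event log, so that a missing log cannot turn into a failed chip registration.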
@@ -407,7 +404,13 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
cnt++;
 
chip->bin_log_seqops.chip = chip;
-   chip->bin_log_seqops.seqops = _binary_b_measurements_seqops;
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+   else
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+
 
chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
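Review bot: style, in the seqops selection: the empty "+" line added after the else branch is followed by an already existing blank line, which leaves two consecutive blank lines before chip->bios_dir[cnt]. Drop the added one.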
@@ -418,17 +421,21 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
goto err;
cnt++;
 
-   chip->ascii_log_seqops.chip = chip;
-   chip->ascii_log_seqops.seqops = _ascii_b_measurements_seqops;
+   if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
 
-   chip->bios_dir[cnt] =
-   securityfs_create_file("ascii_bios_measurements",
-  0440, chip->bios_dir[0],
-  (void *)>ascii_log_seqops,
-  _bios_measurements_ops);
-   if (IS_ERR(chip->bios_dir[cnt]))
-   goto err;
-   cnt++;
+   chip->ascii_log_seqops.chip = chip;
+   chip->ascii_log_seqops.seqops =
+   _ascii_b_measurements_seqops;
+
+   chip->bios_dir[cnt] =
+   securityfs_create_file("ascii_bios_measurements",
+  0440, chip->bios_dir[0],
+  (void *)>ascii_log_seqops,
+  _bios_measurements_ops);
+   if (IS_ERR(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
+   }
 
return 0;
 
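Review bot: style, at the new "if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {": the blank line directly after the opening brace should go, and the ascii setup only had to be re-indented because of the wrapper. Since "return 0;" follows the block immediately, an early "if (chip->flags & TPM_CHIP_FLAG_TPM2) return 0;" placed before the ascii setup would leave the existing lines untouched and shrink the diff.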
diff --git a/drivers/char/tpm/tpm2_eventlog.c b/drivers/char/tpm/tpm2_eventlog.c
new file mode 100644
index 000..1063b09
--- /dev/null
+++ b/drivers/char/tpm/tpm2_eventlog.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2016 IBM Corporation
+ *
+ * Authors:
+ *  Nayna Jain <na...@linux.vnet.ibm.com>
+ *
+ * Access to TPM 2.0 event log as written by Firmware.
+ * It assumes that writer of event log has followed TCG Specification
+ * for Family "2.0" and written the event data in little endian.
+ * With that, it doesn't need any endian conversion for structure
+ * content.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "tpm.h"
+#include "tpm_eventlog.h"
+
+/*
+ * ca
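Review bot: the file header comment states that firmware writes the event data in little endian and concludes that no endian conversion is needed, which only holds when the kernel itself runs little endian. The cover letter lists the OF device tree as a log source, so a big-endian kernel can end up reading these fields; either read the multi-byte fields through le16_to_cpu()/le32_to_cpu() or document that big-endian hosts are not supported.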

[tpmdd-devel] [PATCH v2 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

2016-12-30 Thread Nayna Jain
This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h  |  5 +++
 drivers/char/tpm/tpm2-cmd.c | 79 +
 2 files changed, 84 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1ae9768..3d8121e 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -43,6 +43,7 @@ enum tpm_const {
TPM_NUM_DEVICES = 65536,
TPM_RETRY = 50, /* 5 seconds */
TPM_NUM_EVENT_LOG_FILES = 3,
+   TPM2_MAX_PCR_BANKS = 7,
 };
 
 enum tpm_timeout {
@@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+   TPM2_CAP_PCRS   = 5,
TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +189,8 @@ struct tpm_chip {
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
+
+   enum tpm2_algorithms active_banks[TPM2_MAX_PCR_BANKS];
 #ifdef CONFIG_ACPI
acpi_handle acpi_dev_handle;
char ppi_version[TPM_PPI_VERSION_LEN + 1];
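Review bot: the new active_banks[] member carries no comment, yet tpm2_get_pcr_allocation() later in this patch gives it a convention: entries are filled in order and a 0 entry terminates the list when fewer than TPM2_MAX_PCR_BANKS banks are reported. Document that next to the field so users of the array know to stop at 0 or at the end of the array.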
@@ -545,4 +549,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
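Review bot: tpm2_get_pcr_allocation() is declared as returning ssize_t, but its body returns the int rc from tpm_transmit_cmd() or -ENODEV, and tpm2_auto_startup() stores the result in rc. It never returns a size, so int matches both the body and the caller.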
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6eda239..dd03fd8 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -83,6 +83,25 @@ struct tpm2_get_tpm_pt_out {
__be32  value;
 } __packed;
 
+struct tpm2_tpms_pcr_selection {
+   __be16  hash_alg;
+   u8  size_of_select;
+   u8  pcr_select[3];
+} __packed;
+
+struct tpm2_getcap_in {
+   __be32  cap_id;
+   __be32  property_id;
+   __be32  property_cnt;
+} __packed;
+
+struct tpm2_getcap_out {
+   u8  more_data;
+   __be32  subcap_id;
+   __be32  count;
+   charcap_data[0];
+} __packed;
+
 struct tpm2_get_random_in {
__be16  size;
 } __packed;
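Review bot: struct tpm2_tpms_pcr_selection hard-codes pcr_select[3] although the structure carries its own size_of_select field. The parsing loop later in this patch steps by sizeof(struct tpm2_tpms_pcr_selection), so a response with a size_of_select other than 3 shifts every following hash_alg read. Either advance by the reported size_of_select or reject responses where it is not 3.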
@@ -100,6 +119,8 @@ union tpm2_cmd_params {
struct  tpm2_pcr_extend_in  pcrextend_in;
struct  tpm2_get_tpm_pt_in  get_tpm_pt_in;
struct  tpm2_get_tpm_pt_out get_tpm_pt_out;
+   struct  tpm2_getcap_in  getcap_in;
+   struct  tpm2_getcap_out getcap_out;
struct  tpm2_get_random_in  getrandom_in;
struct  tpm2_get_random_out getrandom_out;
 };
@@ -993,8 +1014,66 @@ int tpm2_auto_startup(struct tpm_chip *chip)
}
}
 
+   rc = tpm2_get_pcr_allocation(chip);
+
 out:
if (rc > 0)
rc = -ENODEV;
return rc;
 }
+
+#define TPM2_GETCAP_IN_SIZE \
+   (sizeof(struct tpm_input_header) + sizeof(struct tpm2_getcap_in))
+
+static const struct tpm_input_header tpm2_getcap_header = {
+   .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
+   .length = cpu_to_be32(TPM2_GETCAP_IN_SIZE),
+   .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
+};
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+   struct tpm2_cmd cmd;
+   struct tpm2_tpms_pcr_selection pcr_selection;
+   void *marker;
+   unsigned int count = 0;
+   int rc;
+   int i;
+
+   cmd.header.in = tpm2_getcap_header;
+   cmd.params.getcap_in.cap_id = cpu_to_be32(TPM2_CAP_PCRS);
+   cmd.params.getcap_in.property_id = cpu_to_be32(0);
+   cmd.params.getcap_in.property_cnt = cpu_to_be32(1);
+
+   rc = tpm_transmit_cmd(chip, , sizeof(cmd), 0,
+ "get tpm pcr allocation");
+   if (rc < 0)
+   goto out;
+
+   count = be32_to_cpu(cmd.params.getcap_out.count);
+   if (count > TPM2_MAX_PCR_BANKS) {
+   dev_err(>dev,
+   "%s: Error: Invalid active PCR banks count\n",
+   __func__);
+   return -ENODEV;
+   }
+
+   marker = _out.cap_data;
+   for (i = 0; i < count; i++) {
+   memcpy(_selection, marker, sizeof(pcr_selection));
+   chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+   marker = marker + sizeof(struct tpm2_tpms_pcr_selection);
+   }
+
+out:
+   if (count < TPM2_MAX_PCR_BANKS)
+   chip->active_banks[count] = 0;
+   return rc;
+}
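Review bot: in tpm2_get_pcr_allocation() only "rc < 0" is treated as a failure after tpm_transmit_cmd(), while the out: label of tpm2_auto_startup() just above maps "rc > 0" to -ENODEV, so positive values are an error case here as well. With a positive rc the code falls through and takes getcap_out.count from an error response; change the check to "if (rc)" before touching the response. The count check also returns directly where the other failure path uses goto out; pick one.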
-- 
2.5.0



[tpmdd-devel] [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

2016-12-30 Thread Nayna Jain
IMA extends its hash measurements in the TPM PCRs, based on policy.
The existing in-kernel TPM extend function extends only the SHA1
PCR bank. TPM 2.0 defines multiple PCR banks, to support different
hash algorithms. The TCG TPM 2.0 Specification[1] recommends
extending all active PCR banks to prevent malicious users from
setting unused PCR banks with fake measurements and quoting them.
This patch set adds support for extending all active PCR banks,
as recommended.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
interface to support extending multiple PCR banks. The existing
tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
extend all active PCR banks with differing digest sizes for TPM 2.0,
the SHA1 digest is padded with 0's as needed.

This approach is taken to maintain backwards compatibility for IMA
in order to continue working with both TPM 1.2 and TPM 2.0 without
any changes and still comply with TCG TPM 2.0 Specification[1].

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Changelog v2:

- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - defined structs definition in tpm2-cmd.c.
  - no_of_active_banks field is removed. Instead, constant
  TPM2_MAX_PCR_BANKS is defined.
  - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
  - removed generic function tpm2_get_capability().

- Patch "tpm: enhance TPM 2.0 PCR extend to support multiple banks"
 - Removed tpm2.h, and defined structs common for extend and event log
  in tpm_eventlog.h
 - uses tpm_buf in tpm2_pcr_extend().

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/tpm-interface.c |  16 -
 drivers/char/tpm/tpm.h   |   8 ++-
 drivers/char/tpm/tpm2-cmd.c  | 146 +++
 drivers/char/tpm/tpm_eventlog.h  |  15 
 4 files changed, 153 insertions(+), 32 deletions(-)

-- 
2.5.0
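
An added example, not code from this patch set: a bounds-checked user-space parser for the TPM2_GetCapability(TPM_CAP_PCRS) response that the first patch reads to learn the active PCR banks. The function name, the sample response bytes and the rule of skipping banks whose selection bitmap selects no PCR are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM_HEADER_SIZE 10 /* tag(2) + length(4) + return code(4) */
#define MAX_BANKS 7        /* same bound as TPM2_MAX_PCR_BANKS in the patch */

/* Constructed sample response (not captured from a real TPM): three banks. */
static const uint8_t sample_resp[] = {
	0x80, 0x01,                               /* tag: TPM2_ST_NO_SESSIONS */
	0x00, 0x00, 0x00, 0x26,                   /* total length: 38 bytes */
	0x00, 0x00, 0x00, 0x00,                   /* return code: success */
	0x00,                                     /* more_data */
	0x00, 0x00, 0x00, 0x05,                   /* capability: TPM2_CAP_PCRS */
	0x00, 0x00, 0x00, 0x03,                   /* count */
	0x00, 0x04, 0x03, 0xff, 0xff, 0xff,       /* SHA-1, 3-byte bitmap */
	0x00, 0x0b, 0x04, 0xff, 0xff, 0xff, 0x00, /* SHA-256, 4-byte bitmap */
	0x00, 0x0c, 0x03, 0x00, 0x00, 0x00,       /* SHA-384, no PCR selected */
};

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Writes the hash algorithm IDs of banks that have at least one PCR
 * selected into banks[] and returns how many were written, or -1 if the
 * response is an error response, truncated or otherwise malformed.
 */
int parse_pcr_banks(const uint8_t *resp, size_t len, uint16_t *banks,
		    size_t max_banks)
{
	size_t off = TPM_HEADER_SIZE + 9, j;
	uint32_t count, i;
	int n = 0;

	/* header + more_data(1) + capability(4) + count(4) must be present */
	if (len < off)
		return -1;
	/* length field must match what was received, return code must be 0 */
	if (rd_be32(resp + 2) != len || rd_be32(resp + 6) != 0)
		return -1;
	count = rd_be32(resp + TPM_HEADER_SIZE + 5);
	if (count > max_banks)
		return -1;

	for (i = 0; i < count; i++) {
		uint8_t size_of_select, any = 0;

		if (len - off < 3)            /* hash_alg(2) + size_of_select(1) */
			return -1;
		size_of_select = resp[off + 2];
		if (len - off - 3 < size_of_select)
			return -1;
		for (j = 0; j < size_of_select; j++)
			any |= resp[off + 3 + j];
		if (any)                      /* assumption: empty bitmap = unused bank */
			banks[n++] = rd_be16(resp + off);
		/* step by the size the entry reports, not by a fixed struct size */
		off += 3 + (size_t)size_of_select;
	}
	return n;
}

int main(void)
{
	uint16_t banks[MAX_BANKS];
	int i, n = parse_pcr_banks(sample_resp, sizeof(sample_resp), banks, MAX_BANKS);

	for (i = 0; i < n; i++)
		printf("active bank: 0x%04x\n", banks[i]);
	return n < 0;
}
```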




[tpmdd-devel] [PATCH v7 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2016-12-10 Thread Nayna Jain
Unlike the device driver support for TPM 1.2, the TPM 2.0 does
not support the securityfs pseudo files for displaying the
firmware event log.

This patch enables support for providing the TPM 2.0 event log in
binary form. TPM 2.0 event log supports a crypto agile format that
records multiple digests, which is different from TPM 1.2. This
patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
event log parser which understands the TPM 2.0 crypto agile format.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c   | 203 +
 drivers/char/tpm/tpm_eventlog.h|  70 +++
 4 files changed, 295 insertions(+), 15 deletions(-)
 rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a05b1eb..3d386a8 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o
+   tpm1_eventlog.o tpm2_eventlog.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm1_eventlog.c
similarity index 95%
rename from drivers/char/tpm/tpm_eventlog.c
rename to drivers/char/tpm/tpm1_eventlog.c
index 11bb113..9a8605e 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm1_eventlog.c
@@ -390,9 +390,6 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
unsigned int cnt;
int rc = 0;
 
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return 0;
-
rc = tpm_read_log(chip);
if (rc)
return rc;
@@ -407,7 +404,13 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
cnt++;
 
chip->bin_log_seqops.chip = chip;
-   chip->bin_log_seqops.seqops = _binary_b_measurements_seqops;
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+   else
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+
 
chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
@@ -418,17 +421,21 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
goto err;
cnt++;
 
-   chip->ascii_log_seqops.chip = chip;
-   chip->ascii_log_seqops.seqops = _ascii_b_measurements_seqops;
+   if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
 
-   chip->bios_dir[cnt] =
-   securityfs_create_file("ascii_bios_measurements",
-  0440, chip->bios_dir[0],
-  (void *)>ascii_log_seqops,
-  _bios_measurements_ops);
-   if (IS_ERR(chip->bios_dir[cnt]))
-   goto err;
-   cnt++;
+   chip->ascii_log_seqops.chip = chip;
+   chip->ascii_log_seqops.seqops =
+   _ascii_b_measurements_seqops;
+
+   chip->bios_dir[cnt] =
+   securityfs_create_file("ascii_bios_measurements",
+  0440, chip->bios_dir[0],
+  (void *)>ascii_log_seqops,
+  _bios_measurements_ops);
+   if (IS_ERR(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
+   }
 
return 0;
 
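Review bot: after this hunk a TPM 2.0 chip gets binary_bios_measurements but no ascii_bios_measurements, and nothing at the "if (!(chip->flags & TPM_CHIP_FLAG_TPM2))" test says why. A one-line comment there, or a sentence in the commit message, stating that the ascii view is intentionally limited to TPM 1.2 would save authors of user-space tooling from guessing.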
diff --git a/drivers/char/tpm/tpm2_eventlog.c b/drivers/char/tpm/tpm2_eventlog.c
new file mode 100644
index 000..63690d3
--- /dev/null
+++ b/drivers/char/tpm/tpm2_eventlog.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2016 IBM Corporation
+ *
+ * Authors:
+ *  Nayna Jain <na...@linux.vnet.ibm.com>
+ *
+ * Access to TPM 2.0 event log as written by Firmware.
+ * It assumes that writer of event log has followed TCG Specification
+ * for Family "2.0" and written the event data in little endian.
+ * With that, it doesn't need any endian conversion for structure
+ * content.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "tpm.h"
+#include "tpm_eventlog.h"
+
+static int calc_tpm2_event_size(struct tcg_pcr_event2 *eve

[tpmdd-devel] [PATCH v7 1/2] tpm: enhance read_log_of() to support Physical TPM event log

2016-12-10 Thread Nayna Jain
Physical TPMs use Open Firmware Device Tree bindings that are similar
to the IBM Power virtual TPM to support event log. However, these
properties store the values in different endianness for Physical
and Virtual TPM.

This patch fixes the endianness issue by doing appropriate conversion
based on Physical or Virtual TPM.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_of.c | 27 +++
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 7dee42d7..de57d4a 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -27,6 +27,8 @@ int tpm_read_log_of(struct tpm_chip *chip)
const u32 *sizep;
const u64 *basep;
struct tpm_bios_log *log;
+   u32 size;
+   u64 base;
 
log = >log;
if (chip->dev.parent && chip->dev.parent->of_node)
@@ -41,18 +43,35 @@ int tpm_read_log_of(struct tpm_chip *chip)
if (sizep == NULL || basep == NULL)
return -EIO;
 
-   if (*sizep == 0) {
+   /*
+* For both vtpm/tpm, firmware has log addr and log size in big
+* endian format. But in case of vtpm, there is a method called
+* sml-handover which is run during kernel init even before
+* device tree is setup. This sml-handover function takes care
+* of endianness and writes to sml-base and sml-size in little
+* endian format. For this reason, vtpm doesn't need conversion
+* but physical tpm needs the conversion.
+*/
+   if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0) {
+   size = be32_to_cpup(sizep);
+   base = be64_to_cpup(basep);
+   } else {
+   size = *sizep;
+   base = *basep;
+   }
+
+   if (size == 0) {
dev_warn(>dev, "%s: Event log area empty\n", __func__);
return -EIO;
}
 
-   log->bios_event_log = kmalloc(*sizep, GFP_KERNEL);
+   log->bios_event_log = kmalloc(size, GFP_KERNEL);
if (!log->bios_event_log)
return -ENOMEM;
 
-   log->bios_event_log_end = log->bios_event_log + *sizep;
+   log->bios_event_log_end = log->bios_event_log + size;
 
-   memcpy(log->bios_event_log, __va(*basep), *sizep);
+   memcpy(log->bios_event_log, __va(base), size);
 
return 0;
 }
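Review bot: size and base come straight from the device tree properties and, after the byte-order fixup, are only checked for size == 0 before being used in kmalloc(size, GFP_KERNEL) and memcpy(log->bios_event_log, __va(base), size). If a property is stored in the other byte order than the "IBM,vtpm" test assumes, a small log size becomes a very large one, so add an upper sanity bound on size before allocating and copying.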
-- 
2.5.0




[tpmdd-devel] [PATCH v7 0/2] securityfs support for TPM 2.0 firmware event log

2016-12-10 Thread Nayna Jain
The TPM device driver defines ascii and binary methods for
displaying the TPM 1.2 event log via securityfs files, which are
needed for validating a TPM quote. The device driver for TPM 2.0
does not have similar support for displaying the TPM 2.0
event log. This patch set adds the support for displaying
TPM 2.0 event log in binary format.

The parsing mechanism to display the TPM 2.0 event log in binary
format is implemented as defined in the TPM 2.0 TCG specification[1].
If the firmware event log support exists and is successfully read,
the securityfs file is created to provide the event log in binary
format for both the OF device tree and ACPI.

   - Patch 1 adds the device tree bindings support for Physical TPM.
   - Patch 2 adds the support for creating securityfs files and for
 displaying the TPM 2.0 crypto agile event log in binary format.

[1] TCG EFI Protocol Specification, Family "2.0" - Section 5 "Event
Log Structure"

Changelog History

v7:
- Rebased to the Jarkko's latest master branch (b2505f6 tpm/vtpm:
  fix kdoc warnings)
- Included Jarkko's feedbacks on version v6.
- Cleaned up #defines in tpm2_eventlog.c
  - renamed HASH_COUNT to TPM2_ACTIVE_PCR_BANKS
  - deleted MAX_DIGEST_SIZE, used SHA384_DIGEST_SIZE directly from 
  
  - deleted MAX_TPM_LOG_MSG. Redefined event[MAX_TPM_LOG_MSG]
  as event[0].

v6:

- Rebased to the Jarkko's latest master branch (e717b5c:tpm: vtpm_proxy: 
  conditionally call tpm_chip_unregister)
- Retained securityfs setup functions in tpm_eventlog.c
- Renamed tpm_eventlog.c to tpm1_eventlog.c
- Fixed tpm_read_log_of() for NULL check and memcpy function.

v5:

- Upstreamed cleanup and fixes as different patchset
- Rebased to the Jarkko's latest master branch (e5be084 tpm: vtpm_proxy:
  Do not access host's event log)
- Patch "tpm: enhance read_log_of() to support Physical TPM event log"
  - New Patch.
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
  - Moved the changes in read_log_of() to a different patch
  - TPM 2.0 event log data types are declared in tpm_eventlog.h, tpm2.h
  is removed.
  - Included other feedbacks also from Jarkko on alignment and extra
line

v4:

- Includes feedbacks from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
  struct dentry array".
  - Continue to use bios_dir_count variable to use is_bad() checks and
to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the eventlog access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a
  new member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to this
patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
  - Uses chip->dev.parent->of_node.
  - Created separate patch for cleanup of pr_err messages.
- Patch "tpm: remove printk error messages".
  - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 eventlog".
  - Parses event digests using event alg_id rather than event log header
alg_id.
  - Uses of_property_match_string to differentiate tpm/vtpm compatible

v3:

- Includes the review feedbacks as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Nayna Jain (2):
  tpm: enhance read_log_of() to support Physical TPM event log
  tpm: add securityfs support for TPM 2.0 firmware event log

 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c   | 203 +
 drivers/char/tpm/tpm_eventlog.h|  70 +++
 drivers/char/tpm/tpm_of.c  |  27 ++-
 5 files changed, 318 insertions(+), 19 deletions(-)
 rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
 create mode 100644 drivers/char/tpm/tpm2_eve

[tpmdd-devel] [PATCH v6 0/2] securityfs support for TPM 2.0 firmware event log

2016-11-26 Thread Nayna Jain
The TPM device driver defines ascii and binary methods for
displaying the TPM 1.2 event log via securityfs files, which are
needed for validating a TPM quote. The device driver for TPM 2.0
does not have similar support for displaying the TPM 2.0
event log. This patch set adds the support for displaying
TPM 2.0 event log in binary format.

The parsing mechanism to display the TPM 2.0 event log in binary
format is implemented as defined in the TPM 2.0 TCG specification[1].
If the firmware event log support exists and is successfully read,
the securityfs file is created to provide the event log in binary
format for both the OF device tree and ACPI.

   - Patch 1 adds the device tree bindings support for Physical TPM.
   - Patch 2 adds the support for creating securityfs files and for
 displaying the TPM 2.0 crypto agile event log in binary format.

[1] TCG EFI Protocol Specification, Family "2.0" - Section 5 "Event
Log Structure"

Changelog History

v6:

- Rebased to the Jarkko's latest master branch (e717b5c:tpm: vtpm_proxy: 
  conditionally call tpm_chip_unregister)
- Retained securityfs setup functions in tpm_eventlog.c
- Renamed tpm_eventlog.c to tpm1_eventlog.c
- Fixed tpm_read_log_of() for NULL check and memcpy function.

v5:

- Upstreamed cleanup and fixes as different patchset
- Rebased to the Jarkko's latest master branch (e5be084 tpm: vtpm_proxy:
  Do not access host's event log)
- Patch "tpm: enhance read_log_of() to support Physical TPM event log"
  - New Patch.
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
  - Moved the changes in read_log_of() to a different patch
  - TPM 2.0 event log data types are declared in tpm_eventlog.h, tpm2.h
  is removed.
  - Included other feedbacks also from Jarkko on alignment and extra
line

v4:

- Includes feedbacks from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
  struct dentry array".
  - Continue to use bios_dir_count variable to use is_bad() checks and
to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the eventlog access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a
  new member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to this
patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
  - Uses chip->dev.parent->of_node.
  - Created separate patch for cleanup of pr_err messages.
- Patch "tpm: remove printk error messages".
  - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 eventlog".
  - Parses event digests using event alg_id rather than event log header
alg_id.
  - Uses of_property_match_string to differentiate tpm/vtpm compatible

v3:

- Includes the review feedbacks as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Nayna Jain (2):
  tpm: enhance read_log_of() to support Physical TPM event log
  tpm: add securityfs support for TPM 2.0 firmware event log

 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c   | 214 +
 drivers/char/tpm/tpm_eventlog.h|  70 +++
 drivers/char/tpm/tpm_of.c  |  27 ++-
 5 files changed, 329 insertions(+), 19 deletions(-)
 rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

-- 
2.5.0
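
An added example, not the patch's tpm2_eventlog.c: a user-space walker for crypto agile event log entries as described above, sizing each entry from the algorithm ID stored with every digest and reading all fields as little endian regardless of host byte order. It assumes the buffer starts at the first crypto agile entry (the log's leading header event is not handled); the function names, the digest-size table and the sample entries are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIGESTS 7 /* assumed cap on digests per entry */

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v)
{
	for (int i = 0; i < 4; i++)
		p[i] = (uint8_t)(v >> (8 * i));
}

/* Digest length for a TPM_ALG_ID; 0 means unknown to this example. */
static size_t digest_size(uint16_t alg)
{
	switch (alg) {
	case 0x0004: return 20; /* SHA-1 */
	case 0x000B: return 32; /* SHA-256 */
	case 0x000C: return 48; /* SHA-384 */
	case 0x000D: return 64; /* SHA-512 */
	default:     return 0;
	}
}

/* Size of the entry at buf, or 0 if truncated or malformed. Layout: */
/* pcr_index(4) event_type(4) count(4) { alg_id(2) digest }* event_size(4) event */
size_t event2_size(const uint8_t *buf, size_t len)
{
	size_t off = 12, dsz;
	uint32_t count, i, event_size;

	if (len < off)
		return 0;
	count = rd_le32(buf + 8);
	if (count == 0 || count > MAX_DIGESTS)
		return 0;
	for (i = 0; i < count; i++) {
		if (len - off < 2)
			return 0;
		dsz = digest_size(rd_le16(buf + off)); /* per-digest alg_id */
		if (dsz == 0 || len - off - 2 < dsz)
			return 0;
		off += 2 + dsz;
	}
	if (len - off < 4)
		return 0;
	event_size = rd_le32(buf + off);
	if (len - off - 4 < event_size)
		return 0;
	return off + 4 + event_size;
}

/* Number of entries in the log, or -1 if any entry fails to parse. */
int count_events(const uint8_t *elog, size_t len)
{
	size_t off = 0, n;
	int events = 0;

	for (; off < len; off += n, events++) {
		n = event2_size(elog + off, len - off);
		if (n == 0)
			return -1;
	}
	return events;
}

/* Constructed sample entry: SHA-1 and SHA-256 slots hold filler, not real digests. */
size_t put_event(uint8_t *out, uint32_t pcr, const char *data)
{
	size_t dlen = strlen(data);

	wr_le32(out, pcr);
	wr_le32(out + 4, 0x0D);          /* constructed event type */
	wr_le32(out + 8, 2);             /* two digests follow */
	out[12] = 0x04; out[13] = 0x00;  /* alg_id: SHA-1 */
	memset(out + 14, 0xAA, 20);
	out[34] = 0x0B; out[35] = 0x00;  /* alg_id: SHA-256 */
	memset(out + 36, 0xBB, 32);
	wr_le32(out + 68, (uint32_t)dlen);
	memcpy(out + 72, data, dlen);
	return 72 + dlen;
}

int main(void)
{
	uint8_t buf[256];
	size_t len = put_event(buf, 8, "grub");

	len += put_event(buf + len, 9, "kernel");
	printf("%d entries in %zu bytes\n", count_events(buf, len), len);
	return 0;
}
```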




[tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

2016-11-23 Thread Nayna Jain
Unlike the device driver support for TPM 1.2, the TPM 2.0 does
not support the securityfs pseudo files for displaying the
firmware event log.

This patch enables support for providing the TPM 2.0 event log in
binary form. TPM 2.0 event log supports a crypto agile format that
records multiple digests, which is different from TPM 1.2. This
patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
event log parser which understands the TPM 2.0 crypto agile format.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   2 +-
 drivers/char/tpm/tpm2_eventlog.c | 214 +++
 drivers/char/tpm/tpm_eventlog.h  |  69 +++
 drivers/char/tpm/tpm_eventlog_init.c |  43 +++
 4 files changed, 308 insertions(+), 20 deletions(-)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index 1dc2671..f185a6a5 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o tpm_eventlog_init.o
+   tpm_eventlog.o tpm_eventlog_init.o tpm2_eventlog.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm2_eventlog.c b/drivers/char/tpm/tpm2_eventlog.c
new file mode 100644
index 000..865e70e
--- /dev/null
+++ b/drivers/char/tpm/tpm2_eventlog.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2016 IBM Corporation
+ *
+ * Authors:
+ *  Nayna Jain <na...@linux.vnet.ibm.com>
+ *
+ * Access to TPM 2.0 event log as written by Firmware.
+ * It assumes that writer of event log has followed TCG Spec 2.0
+ * has written the event struct data in little endian. With that,
+ * it doesn't need any endian conversion for structure content.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "tpm.h"
+#include "tpm_eventlog.h"
+
+static int calc_tpm2_event_size(struct tcg_pcr_event2 *event,
+   struct tcg_pcr_event *event_header)
+{
+   struct tcg_efi_specid_event *efispecid;
+   struct tcg_event_field *event_field;
+   void *marker, *marker_start;
+   int i, j;
+   u16 halg;
+   u32 halg_size;
+   size_t size = 0;
+
+   /*
+* NOTE: TPM 2.0 supports extend to multiple PCR Banks. This implies
+* event log also has multiple digest values, one for each PCR Bank.
+* This is called Crypto Agile Log Entry Format.
+* TCG EFI Protocol Specification defines the procedure to parse
+* the event log. Below code implements this procedure to parse
+* correctly the Crypto agile log entry format.
+* Example of Crypto Agile Log Digests Format :
+* digest_values.count = 2;
+* digest_values.digest[0].alg_id = sha1;
+* digest_values.digest[0].digest.sha1 = {20 bytes raw data};
+* digest_values.digest[1].alg_id = sha256;
+* digest_values.digest[1].digest.sha256 = {32 bytes raw data};
+* Offset of eventsize is sizeof(count) + sizeof(alg_id) + 20
+*  + sizeof(alg_id) + 32;
+*
+* Since, offset of event_size can vary based on digests count, offset
+* has to be calculated at run time. void *marker is used to traverse
+* the dynamic structure and calculate the offset of event_size.
+*/
+
+   marker = event;
+   marker_start = marker;
+   marker = marker + sizeof(event->pcr_idx) + sizeof(event->event_type)
+   + sizeof(event->digests.count);
+
+   efispecid = (struct tcg_efi_specid_event *) event_header->event;
+
+   for (i = 0; (i < event->digests.count) && (i < HASH_COUNT); i++) {
+   halg_size = sizeof(event->digests.digests[i].alg_id);
+   memcpy(, marker, halg_size);
+   marker = marker + halg_size;
+   for (j = 0; (j < efispecid->num_algs); j++) {
+   if (halg == efispecid->digest_sizes[j].alg_id) {
+   marker = marker +
+   efispecid->digest_sizes[j].digest_size;
+   break;
+   }
+   }
+   }
+
+   event_field = (struct tcg_event_field *) marker;
+   marker = marker + sizeof(event_field->event_size)
+   + event_field->event_size;
+   size = marker - marker_start;
+
+   if ((event->event_type == 0) && (even
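Review bot: calc_tpm2_event_size() walks firmware-written data with no bound on the buffer. The function receives only event and event_header, so neither the digest loop nor the read of event_field->event_size can be checked against the end of the log; pass the log end (or the remaining length) in and fail as soon as marker would cross it. In the inner loop, when halg matches none of efispecid->digest_sizes[j].alg_id, marker is not advanced past that digest and every later field is read from the wrong offset, so an unknown algorithm should be treated as a malformed entry. The outer loop also stops silently at HASH_COUNT when digests.count is larger, which leaves the same misalignment, and size is declared size_t while the function returns int.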

[tpmdd-devel] [PATCH v5 0/3] tpm: securityfs support for TPM 2.0 firmware event log

2016-11-23 Thread Nayna Jain
The TPM device driver defines ascii and binary methods for
displaying the TPM 1.2 event log via securityfs files, which are
needed for validating a TPM quote. The device driver for TPM 2.0
does not have similar support for displaying the TPM 2.0
event log. This patch set adds the support for displaying
TPM 2.0 event log in binary format.

The parsing mechanism to display the TPM 2.0 event log in binary
format is implemented as defined in the TPM 2.0 TCG specification[1].
If the firmware event log support exists and is successfully read,
the securityfs file is created to provide the event log in binary
format for both the OF device tree and ACPI.

   - Patch 1 moves the common TPM 1.2 and 2.0 event log initialization
 functions to a new file named tpm_eventlog_init.c.
   - Patch 2 adds the device tree bindings support for Physical TPM.
   - Patch 3 adds the support for creating securityfs files and for
 displaying the TPM 2.0 crypto agile event log in binary format.

With that, this patch set splits the event log functionality into
initialization functions, TPM 1.2 event log parsing and TPM 2.0 event
log parsing.

[1] TCG EFI Protocol Specification, Family "2.0" - Section 5 "Event
Log Structure"

Changelog History

v5:

- Upstreamed cleanup and fixes as different patchset
- Rebased to the Jarkko's latest master branch (e5be084 tpm: vtpm_proxy:
  Do not access host's event log)
- Patch "tpm: enhance read_log_of() to support Physical TPM event log"
  - New Patch.
- Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
  - Moved the changes in read_log_of() to a different patch
  - TPM 2.0 event log data types are declared in tpm_eventlog.h, tpm2.h
  is removed.
  - Included other feedbacks also from Jarkko on alignment and extra
line

v4:

- Includes feedbacks from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
  struct dentry array".
  - Continue to use bios_dir_count variable to use is_bad() checks and
to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the eventlog access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a
  new member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to this
patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
  - Uses chip->dev.parent->of_node.
  - Created separate patch for cleanup of pr_err messages.
- Patch "tpm: remove printk error messages".
  - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 eventlog".
  - Parses event digests using event alg_id rather than event log header
alg_id.
  - Uses of_property_match_string to differentiate tpm/vtpm compatible

v3:

- Includes the review feedbacks as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Nayna Jain (3):
  tpm: move event log init functions to tpm_eventlog_init.c
  tpm: enhance read_log_of() to support Physical TPM event log
  tpm: add securityfs support for TPM 2.0 firmware event log

 drivers/char/tpm/Makefile|   2 +-
 drivers/char/tpm/tpm2_eventlog.c | 214 +++
 drivers/char/tpm/tpm_eventlog.c  | 165 +--
 drivers/char/tpm/tpm_eventlog.h  |  72 
 drivers/char/tpm/tpm_eventlog_init.c | 194 +++
 drivers/char/tpm/tpm_of.c|  27 -
 6 files changed, 508 insertions(+), 166 deletions(-)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

-- 
2.5.0




[tpmdd-devel] [PATCH v5 2/3] tpm: enhance read_log_of() to support Physical TPM event log

2016-11-23 Thread Nayna Jain
Physical TPMs use Open Firmware Device Tree bindings that are similar
to the IBM Power virtual TPM to support event log. However, these
properties store the values in different endianness for Physical
and Virtual TPM.

This patch fixes the endianness issue by doing appropriate conversion
based on Physical or Virtual TPM.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_of.c | 27 +++
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 7dee42d7..646aec1 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -27,6 +27,7 @@ int tpm_read_log_of(struct tpm_chip *chip)
const u32 *sizep;
const u64 *basep;
struct tpm_bios_log *log;
+   u32 log_size;
 
log = >log;
if (chip->dev.parent && chip->dev.parent->of_node)
@@ -34,25 +35,43 @@ int tpm_read_log_of(struct tpm_chip *chip)
else
return -ENODEV;
 
+   /*
+* For both vtpm/tpm, firmware has log addr and log size in big
+* endian format. But in case of vtpm, there is a method called
+* sml-handover which is run during kernel init even before
+* device tree is setup. This sml-handover function takes care
+* of endianness and writes to sml-base and sml-size in little
+* endian format. For this reason, vtpm doesn't need conversion
+* but physical tpm needs the conversion.
+*/
sizep = of_get_property(np, "linux,sml-size", NULL);
+   if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0)
+   log_size = be32_to_cpup(sizep);
+   else
+   log_size = *sizep;
+
basep = of_get_property(np, "linux,sml-base", NULL);
if (sizep == NULL && basep == NULL)
return -ENODEV;
if (sizep == NULL || basep == NULL)
return -EIO;
 
-   if (*sizep == 0) {
+   if (log_size == 0) {
dev_warn(>dev, "%s: Event log area empty\n", __func__);
return -EIO;
}
 
-   log->bios_event_log = kmalloc(*sizep, GFP_KERNEL);
+   log->bios_event_log = kmalloc(log_size, GFP_KERNEL);
if (!log->bios_event_log)
return -ENOMEM;
 
-   log->bios_event_log_end = log->bios_event_log + *sizep;
+   log->bios_event_log_end = log->bios_event_log + log_size;
 
-   memcpy(log->bios_event_log, __va(*basep), *sizep);
+   if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0)
+   memcpy(chip->log.bios_event_log, __va(be64_to_cpup(basep)),
+  log_size);
+   else
+   memcpy(chip->log.bios_event_log, __va(*basep), log_size);
 
return 0;
 }
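Review bot: sizep is dereferenced before it is checked. In the second hunk, be32_to_cpup(sizep) and *sizep run right after of_get_property(), but the sizep == NULL test comes only after basep is read, so a node without linux,sml-size is a NULL dereference instead of -ENODEV or -EIO. Move the log_size computation below the two NULL checks. of_property_match_string(np, "compatible", "IBM,vtpm") is also evaluated twice; compute it once into a local and use it for both the size and the base conversion. The copy at the end refers to the same buffer as log->bios_event_log in one place and chip->log.bios_event_log in the next; use one form.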
-- 
2.5.0




[tpmdd-devel] [PATCH] tpm: use test_bit() to check TPM2 flag in eventlog and sysfs code

2016-11-21 Thread Nayna Jain
There is a change done to introduce atomic bitops to set and test
chip->flags.
This patch fixes tpm_bios_log_setup() and tpm_sysfs_add_device()
to use test_bit() to check for TPM_CHIP_FLAG_TPM2 flag.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-sysfs.c| 2 +-
 drivers/char/tpm/tpm_eventlog.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
index 82298e51..9a37c26 100644
--- a/drivers/char/tpm/tpm-sysfs.c
+++ b/drivers/char/tpm/tpm-sysfs.c
@@ -284,7 +284,7 @@ static const struct attribute_group tpm_dev_group = {
 
 void tpm_sysfs_add_device(struct tpm_chip *chip)
 {
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   if (test_bit(TPM_CHIP_FLAG_TPM2, >flags))
return;
 
/* The sysfs routines rely on an implicit tpm_try_get_ops, device_del
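Review bot: test_bit() takes a bit number and a pointer to unsigned long, so this call is only correct if TPM_CHIP_FLAG_TPM2 has become a bit index and chip->flags an unsigned long in the change the commit message alludes to. The message says only that a change was done; name that commit so the dependency can be checked, because with a BIT()-style mask value the test would look at the wrong bit. The same applies to the tpm_bios_log_setup() hunk.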
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index ebec4ac..dede2ec 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -391,7 +391,7 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
unsigned int cnt;
int rc = 0;
 
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   if (test_bit(TPM_CHIP_FLAG_TPM2, >flags))
return 0;
 
rc = tpm_read_log(chip);
-- 
2.5.0




[tpmdd-devel] [PATCH v6 5/9] tpm: have event log use the tpm_chip

2016-11-14 Thread Nayna Jain
Move the backing memory for the event log into tpm_chip and push
the tpm_chip into read_log. This optimizes read_log processing by
only doing it once and prepares things for the next patches in the
series which require the tpm_chip to locate the event log via
ACPI and OF handles instead of searching.

This is straightforward except for the issue of passing a kref through
i_private with securityfs. Since securityfs_remove does not have any
removal fencing like sysfs we use the inode lock to safely get a
kref on the tpm_chip.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-chip.c |  3 +-
 drivers/char/tpm/tpm.h  | 11 ++
 drivers/char/tpm/tpm_acpi.c | 15 +--
 drivers/char/tpm/tpm_eventlog.c | 88 ++---
 drivers/char/tpm/tpm_eventlog.h |  2 +-
 drivers/char/tpm/tpm_of.c   |  4 +-
 6 files changed, 85 insertions(+), 38 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 250a651..3f27753 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -127,6 +127,7 @@ static void tpm_dev_release(struct device *dev)
idr_remove(_nums_idr, chip->dev_num);
mutex_unlock(_lock);
 
+   kfree(chip->log.bios_event_log);
kfree(chip);
 }
 
@@ -345,7 +346,7 @@ int tpm_chip_register(struct tpm_chip *chip)
tpm_sysfs_add_device(chip);
 
rc = tpm_bios_log_setup(chip);
-   if (rc)
+   if (rc == -ENODEV)
return rc;
 
tpm_add_ppi(chip);
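Review bot: the early return on rc == -ENODEV comes after tpm_sysfs_add_device(chip), with no unwind visible in this hunk, and every other error from tpm_bios_log_setup() is now dropped without a comment. Add a comment saying why only -ENODEV is fatal, and either undo the sysfs registration on this path or call tpm_bios_log_setup() before it.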
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 9d69580..1ae9768 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -35,6 +35,8 @@
 #include 
 #include 
 
+#include "tpm_eventlog.h"
+
 enum tpm_const {
TPM_MINOR = 224,/* officially assigned */
TPM_BUFSIZE = 4096,
@@ -146,6 +148,11 @@ enum tpm_chip_flags {
TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4),
 };
 
+struct tpm_chip_seqops {
+   struct tpm_chip *chip;
+   const struct seq_operations *seqops;
+};
+
 struct tpm_chip {
struct device dev;
struct cdev cdev;
@@ -157,6 +164,10 @@ struct tpm_chip {
struct rw_semaphore ops_sem;
const struct tpm_class_ops *ops;
 
+   struct tpm_bios_log log;
+   struct tpm_chip_seqops bin_log_seqops;
+   struct tpm_chip_seqops ascii_log_seqops;
+
unsigned int flags;
 
int dev_num;/* /dev/tpm# */
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 565a947..01dfb35 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -9,7 +9,7 @@
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
- * Access to the eventlog extended by the TCG BIOS of PC platform
+ * Access to the event log extended by the TCG BIOS of PC platform
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -45,13 +45,15 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_bios_log *log)
+int read_log(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
void __iomem *virt;
u64 len, start;
+   struct tpm_bios_log *log;
 
+   log = >log;
if (log->bios_event_log != NULL) {
printk(KERN_ERR
   "%s: ERROR - Eventlog already initialized\n",
@@ -97,13 +99,18 @@ int read_log(struct tpm_bios_log *log)
 
virt = acpi_os_map_iomem(start, len);
if (!virt) {
-   kfree(log->bios_event_log);
printk("%s: ERROR - Unable to map memory\n", __func__);
-   return -EIO;
+   goto err;
}
 
memcpy_fromio(log->bios_event_log, virt, len);
 
acpi_os_unmap_iomem(virt, len);
return 0;
+
+err:
+   kfree(log->bios_event_log);
+   log->bios_event_log = NULL;
+   return -EIO;
+
 }
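Review bot: style, at the new err label: the added blank line between return -EIO and the closing brace should go. Resetting log->bios_event_log to NULL after kfree() is the substantive part of this hunk, since tpm_dev_release() now frees the same pointer; say so in the commit message, which currently does not mention it.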
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 57ac862..f8c42fe 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -11,7 +11,7 @@
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
- * Access to the eventlog created by a system's firmware / BIOS
+ * Access to the event log created by a system's firmware / BIOS
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -73,7 +73,8 @@ static const char* tcpa_pc_event_id_strings[] = {
 static void *tpm_bios_measurements_start(struct seq_file *m, loff_t *pos)
 {
loff_t i;
-   struct tpm_bios_log *log = m->private;
+   struct tpm_chip *chip = m->private;
+   struct tpm_bios_log *log = >log;
void *ad

[tpmdd-devel] [PATCH v6 6/9] tpm: fix the missing .owner in tpm_bios_measurements_ops

2016-11-14 Thread Nayna Jain
This patch fixes the missing .owner field in
tpm_bios_measurements_ops definition.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_eventlog.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index f8c42fe..5575ffc 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -349,6 +349,7 @@ static int tpm_bios_measurements_open(struct inode *inode,
 }
 
 static const struct file_operations tpm_bios_measurements_ops = {
+   .owner = THIS_MODULE,
.open = tpm_bios_measurements_open,
.read = seq_read,
.llseek = seq_lseek,
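Review bot: the commit message says only that .owner was missing; state the consequence, that without .owner = THIS_MODULE nothing pins the module while one of these files is held open, so the reason for the fix is on record.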
-- 
2.5.0




[tpmdd-devel] [PATCH v6 9/9] tpm: cleanup of printk error messages

2016-11-14 Thread Nayna Jain
This patch removes the unnecessary error messages on failing to
allocate memory and replaces pr_err/printk with dev_dbg/dev_info
as applicable.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_acpi.c | 16 
 drivers/char/tpm/tpm_of.c   | 29 +
 2 files changed, 13 insertions(+), 32 deletions(-)

diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index fa30c969..ddbaef2 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -60,11 +60,8 @@ int read_log_acpi(struct tpm_chip *chip)
status = acpi_get_table(ACPI_SIG_TCPA, 1,
(struct acpi_table_header **));
 
-   if (ACPI_FAILURE(status)) {
-   printk(KERN_ERR "%s: ERROR - Could not get TCPA table\n",
-  __func__);
+   if (ACPI_FAILURE(status))
return -EIO;
-   }
 
switch(buff->platform_class) {
case BIOS_SERVER:
@@ -78,25 +75,20 @@ int read_log_acpi(struct tpm_chip *chip)
break;
}
if (!len) {
-   printk(KERN_ERR "%s: ERROR - TCPA log area empty\n", __func__);
+   dev_warn(>dev, "%s: TCPA log area empty\n", __func__);
return -EIO;
}
 
/* malloc EventLog space */
log->bios_event_log = kmalloc(len, GFP_KERNEL);
-   if (!log->bios_event_log) {
-   printk("%s: ERROR - Not enough  Memory for BIOS measurements\n",
-   __func__);
+   if (!log->bios_event_log)
return -ENOMEM;
-   }
 
log->bios_event_log_end = log->bios_event_log + len;
 
virt = acpi_os_map_iomem(start, len);
-   if (!virt) {
-   printk("%s: ERROR - Unable to map memory\n", __func__);
+   if (!virt)
goto err;
-   }
 
memcpy_fromio(log->bios_event_log, virt, len);
 
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 22b8f81..3af829f 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -31,40 +31,29 @@ int read_log_of(struct tpm_chip *chip)
log = >log;
if (chip->dev.parent->of_node)
np = chip->dev.parent->of_node;
-   if (!np) {
-   pr_err("%s: ERROR - IBMVTPM not supported\n", __func__);
+   if (!np)
return -ENODEV;
-   }
 
sizep = of_get_property(np, "linux,sml-size", NULL);
-   if (sizep == NULL) {
-   pr_err("%s: ERROR - SML size not found\n", __func__);
-   goto cleanup_eio;
-   }
+   if (sizep == NULL)
+   return -EIO;
+
if (*sizep == 0) {
-   pr_err("%s: ERROR - event log area empty\n", __func__);
-   goto cleanup_eio;
+   dev_warn(>dev, "%s: Event log area empty\n", __func__);
+   return -EIO;
}
 
basep = of_get_property(np, "linux,sml-base", NULL);
-   if (basep == NULL) {
-   pr_err("%s: ERROR - SML not found\n", __func__);
-   goto cleanup_eio;
-   }
+   if (basep == NULL)
+   return -EIO;
 
log->bios_event_log = kmalloc(*sizep, GFP_KERNEL);
-   if (!log->bios_event_log) {
-   pr_err("%s: ERROR - Not enough memory for BIOS measurements\n",
-  __func__);
+   if (!log->bios_event_log)
return -ENOMEM;
-   }
 
log->bios_event_log_end = log->bios_event_log + *sizep;
 
memcpy(log->bios_event_log, __va(*basep), *sizep);
 
return 0;
-
-cleanup_eio:
-   return -EIO;
 }
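Review bot: the commit message does not match this hunk. It says pr_err/printk are replaced with dev_dbg/dev_info, but the only replacement here is dev_warn(), and the "SML size not found" and "SML not found" messages are removed outright although the message mentions removal only for allocation failures. Update the description to say dev_warn and to list the dropped messages. The first two lines of context also still set np only when chip->dev.parent->of_node is non-NULL, so the !np test depends on an initialisation this hunk does not show.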
-- 
2.5.0




[tpmdd-devel] [PATCH v6 8/9] tpm: replace of_find_node_by_name() with dev of_node property

2016-11-14 Thread Nayna Jain
Using the device of_node property is a better way to refer to the
device tree node rather than of_find_node_by_name().

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm_of.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 7c30752..22b8f81 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -29,7 +29,8 @@ int read_log_of(struct tpm_chip *chip)
struct tpm_bios_log *log;
 
log = >log;
-   np = of_find_node_by_name(NULL, "vtpm");
+   if (chip->dev.parent->of_node)
+   np = chip->dev.parent->of_node;
if (!np) {
pr_err("%s: ERROR - IBMVTPM not supported\n", __func__);
return -ENODEV;
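Review bot: np is assigned only inside if (chip->dev.parent->of_node), so the following if (!np) test relies on np having been initialised to NULL, which this hunk does not show; assign unconditionally with np = chip->dev.parent->of_node; and keep the NULL test. chip->dev.parent is dereferenced without a check, and the pr_err text "IBMVTPM not supported" no longer describes the condition now that the node comes from the parent device.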
@@ -55,18 +56,15 @@ int read_log_of(struct tpm_chip *chip)
if (!log->bios_event_log) {
pr_err("%s: ERROR - Not enough memory for BIOS measurements\n",
   __func__);
-   of_node_put(np);
return -ENOMEM;
}
 
log->bios_event_log_end = log->bios_event_log + *sizep;
 
memcpy(log->bios_event_log, __va(*basep), *sizep);
-   of_node_put(np);
 
return 0;
 
 cleanup_eio:
-   of_node_put(np);
return -EIO;
 }
-- 
2.5.0




[tpmdd-devel] [PATCH v6 7/9] tpm: redefine read_log() to handle ACPI/OF at runtime

2016-11-14 Thread Nayna Jain
Currently, read_log() has two implementations: one for ACPI platforms
and the other for device tree(OF) based platforms. The proper one is
selected at compile time using Kconfig and #ifdef in the Makefile,
which is not the recommended approach.

This patch removes the #ifdef in the Makefile by defining a single
read_log() method, which checks for ACPI/OF event log properties at
runtime.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/Makefile   | 14 --
 drivers/char/tpm/tpm_acpi.c |  9 ++---
 drivers/char/tpm/tpm_eventlog.c | 20 
 drivers/char/tpm/tpm_eventlog.h | 22 +-
 drivers/char/tpm/tpm_of.c   |  8 ++--
 5 files changed, 41 insertions(+), 32 deletions(-)

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a385fb8..a05b1eb 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -2,16 +2,10 @@
 # Makefile for the kernel tpm device drivers.
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
-tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o
-tpm-$(CONFIG_ACPI) += tpm_ppi.o
-
-ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog.o tpm_acpi.o
-else
-ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog.o tpm_of.o
-endif
-endif
+tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
+   tpm_eventlog.o
+tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
+tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
 obj-$(CONFIG_TCG_TIS) += tpm_tis.o
 obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 01dfb35..fa30c969 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -6,6 +6,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -45,7 +46,7 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_chip *chip)
+int read_log_acpi(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
@@ -54,12 +55,6 @@ int read_log(struct tpm_chip *chip)
struct tpm_bios_log *log;
 
log = >log;
-   if (log->bios_event_log != NULL) {
-   printk(KERN_ERR
-  "%s: ERROR - Eventlog already initialized\n",
-  __func__);
-   return -EFAULT;
-   }
 
/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
status = acpi_get_table(ACPI_SIG_TCPA, 1,
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 5575ffc..cce679b 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -365,6 +365,26 @@ static int is_bad(void *p)
return 0;
 }
 
+int read_log(struct tpm_chip *chip)
+{
+   int rc;
+
+   if (chip->log.bios_event_log != NULL) {
+   dev_dbg(>dev,
+   "%s: ERROR - event log already initialized\n",
+   __func__);
+   return -EFAULT;
+   }
+
+   rc = read_log_acpi(chip);
+   if ((rc == 0) || (rc == -ENOMEM))
+   return rc;
+
+   rc = read_log_of(chip);
+
+   return rc;
+}
+
 int tpm_bios_log_setup(struct tpm_chip *chip)
 {
const char *name = dev_name(>dev);
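Review bot: in the new read_log(), any read_log_acpi() result other than 0 or -ENOMEM falls through to read_log_of(), so an -EIO from the ACPI path is replaced by whatever the OF path returns, which is -ENODEV from the stub when CONFIG_OF is off. Fall through only on -ENODEV, or add a comment documenting that the ACPI error is deliberately discarded. The "already initialized" message is logged with dev_dbg() yet still carries the "ERROR" prefix, and -EFAULT is an odd code for that condition.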
diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
index 6df2f8e..be529ad 100644
--- a/drivers/char/tpm/tpm_eventlog.h
+++ b/drivers/char/tpm/tpm_eventlog.h
@@ -73,20 +73,24 @@ enum tcpa_pc_event_ids {
HOST_TABLE_OF_DEVICES,
 };
 
-int read_log(struct tpm_chip *chip);
-
-#if defined(CONFIG_TCG_IBMVTPM) || defined(CONFIG_TCG_IBMVTPM_MODULE) || \
-   defined(CONFIG_ACPI)
-extern int tpm_bios_log_setup(struct tpm_chip *chip);
-extern void tpm_bios_log_teardown(struct tpm_chip *chip);
+#if defined(CONFIG_ACPI)
+int read_log_acpi(struct tpm_chip *chip);
 #else
-static inline int tpm_bios_log_setup(struct tpm_chip *chip)
+static inline int read_log_acpi(struct tpm_chip *chip)
 {
-   return 0;
+   return -ENODEV;
 }
-static inline void tpm_bios_log_teardown(struct tpm_chip *chip)
+#endif
+#if defined(CONFIG_OF)
+int read_log_of(struct tpm_chip *chip);
+#else
+static inline int read_log_of(struct tpm_chip *chip)
 {
+   return -ENODEV;
 }
 #endif
 
+int tpm_bios_log_setup(struct tpm_chip *chip);
+void tpm_bios_log_teardown(struct tpm_chip *chip);
+
 #endif
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 68d891a..7c30752 100644
--- a/drivers/char/tpm/tp

[tpmdd-devel] [PATCH v6 0/9] tpm: cleanup/fixes in existing event log support

2016-11-14 Thread Nayna Jain
This patch set includes the cleanup and bug fixes patches, previously
part of the "tpm: add the securityfs pseudo files support for TPM 2.0
firmware event log" patch set, in order to upstream them more quickly.

Changelog History:

v6:

- Patch "tpm: replace symbolic permission with octal for securityfs files"
  - New Patch.
- Patch "tpm: have event log use the tpm_chip"
  - Changed commit description as per Jason's suggestion.
  - Fixed bug related to kfree() for bios_event_log.
  - Moved inode_unlock() just after get_device() in open().
  - Returned -ENODEV for read_log() ENOMEM error and other errors as it is.
  - Added comment in tpm_bios_log_teardown() to explain inode_lock()/unlock
reasoning.
  - Split .owner into a different patch.
- Patch "tpm: fix the missing .owner in tpm_bios_measurements_ops"
  - New Patch.
- Patch "tpm: cleanup of printk error messages"
  - Replaced dev_info() with dev_warn().
  - Updated commit description subject line.

v5:

- Moved cleanup/fixes patches into this patch set.
- Patch "fix the race condition between event log access and chip
getting unregistered"
  - updated subject line and commit description.
  - modified fops code to use chip kref.
  - modified fops to lock inode before accessing inode private data.
  - renamed tpm_securityfs_data to tpm_chip_seqops, as it no more
  holds bios log, but associates seqops with respective chip. For
  the same reason, moved it to tpm.h
- Patch "replace or remove printk error messages"
  - cleaned up dev_dbg and used dev_info as applicable.

v4:

- Includes feedbacks from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
  struct dentry array". 
  - Continue to use bios_dir_count variable to use is_bad() checks and
  to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the event log access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a new
  member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to
  this patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
 - Uses chip->dev.parent->of_node.
 - Created separate patch for cleanup of pr_err messages.
- Patch "tpm: remove printk error messages".
 - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 event log".
 - Parses event digests using event alg_id rather than event log header
 alg_id.
 - Uses of_property_match_string to differentiate tpm/vtpm compatible
 property.
 - Adds the comment for difference in tpm/vtpm endianness.

v3:

- Includes the review feedbacks as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Nayna Jain (9):
  tpm: define a generic open() method for ascii & bios measurements
  tpm: replace symbolic permission with octal for securityfs files
  tpm: replace dynamically allocated bios_dir with a static array
  tpm: drop tpm1_chip_register(/unregister)
  tpm: have event log use the tpm_chip
  tpm: fix the missing .owner in tpm_bios_measurements_ops
  tpm: redefine read_log() to handle ACPI/OF at runtime
  tpm: replace of_find_node_by_name() with dev of_node property
  tpm: cleanup of printk error messages

 drivers/char/tpm/Makefile   |  14 +--
 drivers/char/tpm/tpm-chip.c |  33 ++
 drivers/char/tpm/tpm-sysfs.c|   3 +
 drivers/char/tpm/tpm.h  |  14 ++-
 drivers/char/tpm/tpm_acpi.c |  38 +++
 drivers/char/tpm/tpm_eventlog.c | 222 +---
 drivers/char/tpm/tpm_eventlog.h |  22 ++--
 drivers/char/tpm/tpm_of.c   |  45 +++-
 8 files changed, 187 insertions(+), 204 deletions(-)

-- 
2.5.0



[tpmdd-devel] [PATCH v6 4/9] tpm: drop tpm1_chip_register(/unregister)

2016-11-14 Thread Nayna Jain
Check for TPM2 chip in tpm_sysfs_add_device, tpm_bios_log_setup and
tpm_bios_log_teardown in order to make the code flow cleaner and to make
it possible to implement TPM 2.0 support later on. This is partially derived
from the commit by Nayna Jain with the extension that tpm1_chip_register
is also dropped.

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm-chip.c | 31 +--
 drivers/char/tpm/tpm-sysfs.c|  3 +++
 drivers/char/tpm/tpm_eventlog.c |  3 +++
 3 files changed, 11 insertions(+), 26 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index d0c1872..250a651 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -276,28 +276,6 @@ static void tpm_del_char_device(struct tpm_chip *chip)
up_write(>ops_sem);
 }
 
-static int tpm1_chip_register(struct tpm_chip *chip)
-{
-   int rc;
-
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return 0;
-
-   tpm_sysfs_add_device(chip);
-
-   rc = tpm_bios_log_setup(chip);
-
-   return rc;
-}
-
-static void tpm1_chip_unregister(struct tpm_chip *chip)
-{
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return;
-
-   tpm_bios_log_teardown(chip);
-}
-
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
 {
struct attribute **i;
@@ -364,7 +342,9 @@ int tpm_chip_register(struct tpm_chip *chip)
return rc;
}
 
-   rc = tpm1_chip_register(chip);
+   tpm_sysfs_add_device(chip);
+
+   rc = tpm_bios_log_setup(chip);
if (rc)
return rc;
 
@@ -372,7 +352,7 @@ int tpm_chip_register(struct tpm_chip *chip)
 
rc = tpm_add_char_device(chip);
if (rc) {
-   tpm1_chip_unregister(chip);
+   tpm_bios_log_teardown(chip);
return rc;
}
 
@@ -402,8 +382,7 @@ EXPORT_SYMBOL_GPL(tpm_chip_register);
 void tpm_chip_unregister(struct tpm_chip *chip)
 {
tpm_del_legacy_sysfs(chip);
-
-   tpm1_chip_unregister(chip);
+   tpm_bios_log_teardown(chip);
tpm_del_char_device(chip);
 }
 EXPORT_SYMBOL_GPL(tpm_chip_unregister);
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
index 59a1ead..848ad65 100644
--- a/drivers/char/tpm/tpm-sysfs.c
+++ b/drivers/char/tpm/tpm-sysfs.c
@@ -284,6 +284,9 @@ static const struct attribute_group tpm_dev_group = {
 
 void tpm_sysfs_add_device(struct tpm_chip *chip)
 {
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   return;
+
/* The sysfs routines rely on an implicit tpm_try_get_ops, device_del
 * is called before ops is null'd and the sysfs core synchronizes this
 * removal so that no callbacks are running or can run again
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 62e9da6..57ac862 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -373,6 +373,9 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
const char *name = dev_name(>dev);
unsigned int cnt;
 
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   return 0;
+
cnt = 0;
chip->bios_dir[cnt] = securityfs_create_dir(name, NULL);
if (is_bad(chip->bios_dir[cnt]))
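Review bot: The commit message says the TPM2 check is added to tpm_bios_log_teardown() as well, but the only tpm_eventlog.c hunk here (3 insertions in the diffstat) puts it in tpm_bios_log_setup(). With tpm1_chip_unregister() removed, both tpm_chip_unregister() and the tpm_add_char_device() error path now call tpm_bios_log_teardown() for TPM 2.0 chips, whose bios_dir[] slots were never filled. Either add the same `if (chip->flags & TPM_CHIP_FLAG_TPM2) return;` guard at the top of the teardown function, or reword the commit message to say teardown relies on those slots being NULL for TPM 2.0.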
-- 
2.5.0




[tpmdd-devel] [PATCH v6 2/9] tpm: replace symbolic permission with octal for securityfs files

2016-11-14 Thread Nayna Jain
checkpatch.pl flags a warning for symbolic permissions and suggests
replacing them with octal values.

This patch changes the securityfs pseudo file permissions
to octal values in tpm_bios_log_setup().

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_eventlog.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 42b49c4..9467e31 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -378,7 +378,7 @@ struct dentry **tpm_bios_log_setup(const char *name)
 
bin_file =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  0440, tpm_dir,
   (void *)_binary_b_measurements_seqops,
   _bios_measurements_ops);
if (is_bad(bin_file))
@@ -386,7 +386,7 @@ struct dentry **tpm_bios_log_setup(const char *name)
 
ascii_file =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  0440, tpm_dir,
   (void *)_ascii_b_measurements_seqops,
   _bios_measurements_ops);
if (is_bad(ascii_file))
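Review bot: Please state in the commit message that 0440 is the same mode as S_IRUSR | S_IRGRP (0400 | 0040), for both securityfs_create_file() calls touched here, so it is on record that the measurement files stay readable by owner and group only and that no behaviour changes.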
-- 
2.5.0




[tpmdd-devel] [PATCH v6 3/9] tpm: replace dynamically allocated bios_dir with a static array

2016-11-14 Thread Nayna Jain
This commit is based on a commit by Nayna Jain. Replaced dynamically
allocated bios_dir with a static array as the size is always constant.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm-chip.c |  9 ---
 drivers/char/tpm/tpm.h  |  3 ++-
 drivers/char/tpm/tpm_eventlog.c | 59 ++---
 drivers/char/tpm/tpm_eventlog.h | 10 +++
 4 files changed, 38 insertions(+), 43 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 836f056..d0c1872 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -278,14 +278,16 @@ static void tpm_del_char_device(struct tpm_chip *chip)
 
 static int tpm1_chip_register(struct tpm_chip *chip)
 {
+   int rc;
+
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return 0;
 
tpm_sysfs_add_device(chip);
 
-   chip->bios_dir = tpm_bios_log_setup(dev_name(>dev));
+   rc = tpm_bios_log_setup(chip);
 
-   return 0;
+   return rc;
 }
 
 static void tpm1_chip_unregister(struct tpm_chip *chip)
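Review bot: Returning rc from tpm1_chip_register() is a behaviour change that the commit message does not mention: the old code ignored the result of tpm_bios_log_setup() and always returned 0, so a securityfs failure now propagates to the caller instead of only leaving the event log files absent. If failing registration over a missing event log is intended, say so in the changelog; otherwise keep `return 0;` and log the failure.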
@@ -293,8 +295,7 @@ static void tpm1_chip_unregister(struct tpm_chip *chip)
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return;
 
-   if (chip->bios_dir)
-   tpm_bios_log_teardown(chip->bios_dir);
+   tpm_bios_log_teardown(chip);
 }
 
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index f9401ca..9d69580 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -40,6 +40,7 @@ enum tpm_const {
TPM_BUFSIZE = 4096,
TPM_NUM_DEVICES = 65536,
TPM_RETRY = 50, /* 5 seconds */
+   TPM_NUM_EVENT_LOG_FILES = 3,
 };
 
 enum tpm_timeout {
@@ -171,7 +172,7 @@ struct tpm_chip {
unsigned long duration[3]; /* jiffies */
bool duration_adjusted;
 
-   struct dentry **bios_dir;
+   struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES];
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 9467e31..62e9da6 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -368,54 +368,47 @@ static int is_bad(void *p)
return 0;
 }
 
-struct dentry **tpm_bios_log_setup(const char *name)
+int tpm_bios_log_setup(struct tpm_chip *chip)
 {
-   struct dentry **ret = NULL, *tpm_dir, *bin_file, *ascii_file;
+   const char *name = dev_name(>dev);
+   unsigned int cnt;
 
-   tpm_dir = securityfs_create_dir(name, NULL);
-   if (is_bad(tpm_dir))
-   goto out;
+   cnt = 0;
+   chip->bios_dir[cnt] = securityfs_create_dir(name, NULL);
+   if (is_bad(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
 
-   bin_file =
+   chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
-  0440, tpm_dir,
+  0440, chip->bios_dir[0],
   (void *)_binary_b_measurements_seqops,
   _bios_measurements_ops);
-   if (is_bad(bin_file))
-   goto out_tpm;
+   if (is_bad(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
 
-   ascii_file =
+   chip->bios_dir[cnt] =
securityfs_create_file("ascii_bios_measurements",
-  0440, tpm_dir,
+  0440, chip->bios_dir[0],
   (void *)_ascii_b_measurements_seqops,
   _bios_measurements_ops);
-   if (is_bad(ascii_file))
-   goto out_bin;
+   if (is_bad(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
 
-   ret = kmalloc(3 * sizeof(struct dentry *), GFP_KERNEL);
-   if (!ret)
-   goto out_ascii;
-
-   ret[0] = ascii_file;
-   ret[1] = bin_file;
-   ret[2] = tpm_dir;
-
-   return ret;
+   return 0;
 
-out_ascii:
-   securityfs_remove(ascii_file);
-out_bin:
-   securityfs_remove(bin_file);
-out_tpm:
-   securityfs_remove(tpm_dir);
-out:
-   return NULL;
+err:
+   chip->bios_dir[cnt] = NULL;
+   tpm_bios_log_teardown(chip);
+   return -EIO;
 }
 
-void tpm_bios_log_teardown(struct dentry **lst)
+void tpm_bios_log_teardown(struct tpm_chip *chip)
 {
int i;
 
-   for (i = 0; i < 3; i++)
-   securityfs_remove(lst[i]);
+   for (i = (TPM_NUM_EVENT_LOG_FILES - 1); i >= 0; i--)
+   securityfs_remove(chip->bios_dir[i]);
 }
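Review bot: In the err: path of tpm_bios_log_setup(), only bios_dir[cnt] is set to NULL before tpm_bios_log_teardown() walks all TPM_NUM_EVENT_LOG_FILES slots, and teardown never clears the slots it removes. That is only safe if the array starts out zeroed and teardown is never reached a second time for the same chip; clearing each entry after securityfs_remove() (`chip->bios_dir[i] = NULL;`) would make it idempotent. The hard-coded -EIO also throws away the error securityfs reported; consider returning PTR_ERR() of the failing dentry where the call returned an error pointer.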
diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tp

[tpmdd-devel] [PATCH v6 1/9] tpm: define a generic open() method for ascii & bios measurements

2016-11-14 Thread Nayna Jain
The open() methods for the event log ascii and binary bios measurements
file operations are very similar. This patch refactors the code into a
single open() call by passing seq_operations as i_node->private data.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm_eventlog.c | 63 ++---
 1 file changed, 15 insertions(+), 48 deletions(-)

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index e722886..42b49c4 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -7,6 +7,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -304,26 +305,28 @@ static int tpm_ascii_bios_measurements_show(struct 
seq_file *m, void *v)
return 0;
 }
 
-static const struct seq_operations tpm_ascii_b_measurments_seqops = {
+static const struct seq_operations tpm_ascii_b_measurements_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_ascii_bios_measurements_show,
 };
 
-static const struct seq_operations tpm_binary_b_measurments_seqops = {
+static const struct seq_operations tpm_binary_b_measurements_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_binary_bios_measurements_show,
 };
 
-static int tpm_ascii_bios_measurements_open(struct inode *inode,
+static int tpm_bios_measurements_open(struct inode *inode,
struct file *file)
 {
int err;
struct tpm_bios_log *log;
struct seq_file *seq;
+   const struct seq_operations *seqops =
+   (const struct seq_operations *)inode->i_private;
 
log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
if (!log)
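Review bot: The rename of tpm_ascii_b_measurments_seqops and tpm_binary_b_measurments_seqops to the correctly spelled names is an unrelated cleanup folded into this refactoring, and the commit message does not mention it. Either note it in the changelog or split it out so the open() consolidation can be reviewed on its own.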
@@ -333,7 +336,7 @@ static int tpm_ascii_bios_measurements_open(struct inode 
*inode,
goto out_free;
 
/* now register seq file */
-   err = seq_open(file, _ascii_b_measurments_seqops);
+   err = seq_open(file, seqops);
if (!err) {
seq = file->private_data;
seq->private = log;
@@ -349,46 +352,8 @@ static int tpm_ascii_bios_measurements_open(struct inode 
*inode,
goto out;
 }
 
-static const struct file_operations tpm_ascii_bios_measurements_ops = {
-   .open = tpm_ascii_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int tpm_binary_bios_measurements_open(struct inode *inode,
-struct file *file)
-{
-   int err;
-   struct tpm_bios_log *log;
-   struct seq_file *seq;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   if ((err = read_log(log)))
-   goto out_free;
-
-   /* now register seq file */
-   err = seq_open(file, _binary_b_measurments_seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = log;
-   } else {
-   goto out_free;
-   }
-
-out:
-   return err;
-out_free:
-   kfree(log->bios_event_log);
-   kfree(log);
-   goto out;
-}
-
-static const struct file_operations tpm_binary_bios_measurements_ops = {
-   .open = tpm_binary_bios_measurements_open,
+static const struct file_operations tpm_bios_measurements_ops = {
+   .open = tpm_bios_measurements_open,
.read = seq_read,
.llseek = seq_lseek,
.release = tpm_bios_measurements_release,
@@ -413,15 +378,17 @@ struct dentry **tpm_bios_log_setup(const char *name)
 
bin_file =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _binary_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_binary_b_measurements_seqops,
+  _bios_measurements_ops);
if (is_bad(bin_file))
goto out_tpm;
 
ascii_file =
securityfs_create_file("ascii_bios_measurements",
-

[tpmdd-devel] [PATCH v3 1/2] Documentation: tpm: add the IBM Virtual TPM device tree binding documentation

2016-10-26 Thread Nayna Jain
Virtual TPM, which is being used on IBM POWER7+ and POWER8 systems running
POWERVM, is currently supported by the tpm device driver but lacks
documentation. This patch adds the missing documentation for the existing
support.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
Changelog v3:

- No changes done.

Changelog v2:

- New Patch.

 .../devicetree/bindings/security/tpm/ibmvtpm.txt   | 41 ++
 1 file changed, 41 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt

diff --git a/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt 
b/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt
new file mode 100644
index 000..d89f999
--- /dev/null
+++ b/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt
@@ -0,0 +1,41 @@
+* Device Tree Bindings for IBM Virtual Trusted Platform Module(vtpm)
+
+Required properties:
+
+- compatible: property name that conveys the platform architecture
+  identifiers, as 'IBM,vtpm'
+- device_type   : specifies type of virtual device
+- interrupts: property specifying the interrupt source number and
+  sense code associated with this virtual I/O Adapters
+- ibm,my-drc-index  : integer index for the connector between the device
+  and its parent - present only if Dynamic
+  Reconfiguration(DR) Connector is enabled
+- ibm,#dma-address-cells: specifies the number of cells that are used to
+  encode the physical address field of dma-window
+  properties
+- ibm,#dma-size-cells   : specifies the number of cells that are used to
+  encode the size field of dma-window properties
+- ibm,my-dma-window : specifies DMA window associated with this virtual
+  IOA
+- ibm,loc-code  : specifies the unique and persistent location code
+  associated with this virtual I/O Adapters
+- linux,sml-base: 64-bit base address of the reserved memory allocated
+  for the firmware event log
+- linux,sml-size: size of the memory allocated for the firmware event 
log
+
+Example (IBM Virtual Trusted Platform Module)
+-
+
+vtpm@3003 {
+ibm,#dma-size-cells = <0x2>;
+compatible = "IBM,vtpm";
+device_type = "IBM,vtpm";
+ibm,my-drc-index = <0x3003>;
+ibm,#dma-address-cells = <0x2>;
+linux,sml-base = <0xc60e 0x0>;
+interrupts = <0xa0003 0x0>;
+ibm,my-dma-window = <0x1003 0x0 0x0 0x0 
0x1000>;
+ibm,loc-code = "U8286.41A.10082DV-V3-C3";
+reg = <0x3003>;
+linux,sml-size = <0xbce10200>;
+};
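Review bot: The "Required properties" list and the example disagree in two places. ibm,my-drc-index is described as present only when the DR connector is enabled, so it belongs under an optional-properties heading; and the example node carries a reg property that the list never documents. device_type also gives no expected value, while the example uses "IBM,vtpm"; stating it the way compatible does would help.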
-- 
2.5.0




[tpmdd-devel] [PATCH v5 5/7] tpm: redefine read_log() to handle ACPI/OF at runtime

2016-10-18 Thread Nayna Jain
Currently, read_log() has two implementations: one for ACPI platforms
and the other for device tree(OF) based platforms. The proper one is
selected at compile time using Kconfig and #ifdef in the Makefile,
which is not the recommended approach.

This patch removes the #ifdef in the Makefile by defining a single
read_log() method, which checks for ACPI/OF event log properties at
runtime.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
---
 drivers/char/tpm/Makefile   | 14 --
 drivers/char/tpm/tpm_acpi.c |  9 ++---
 drivers/char/tpm/tpm_eventlog.c | 18 ++
 drivers/char/tpm/tpm_eventlog.h | 22 +-
 drivers/char/tpm/tpm_of.c   |  8 ++--
 5 files changed, 39 insertions(+), 32 deletions(-)

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a385fb8..a05b1eb 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -2,16 +2,10 @@
 # Makefile for the kernel tpm device drivers.
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
-tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o
-tpm-$(CONFIG_ACPI) += tpm_ppi.o
-
-ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog.o tpm_acpi.o
-else
-ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog.o tpm_of.o
-endif
-endif
+tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
+   tpm_eventlog.o
+tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
+tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
 obj-$(CONFIG_TCG_TIS) += tpm_tis.o
 obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o
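Review bot: Adding tpm_eventlog.o to tpm-y builds the event log code on every configuration, including kernels with neither CONFIG_ACPI nor CONFIG_OF, where read_log() can only return -ENODEV; previously it was built only under CONFIG_ACPI or CONFIG_TCG_IBMVTPM. tpm_of.o is likewise keyed on CONFIG_OF now rather than CONFIG_TCG_IBMVTPM. The commit message talks only about dropping the ifdef, so please call out both changes in build coverage there.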
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 4d6c2d7..859bdba 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -6,6 +6,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -45,7 +46,7 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_chip *chip)
+int read_log_acpi(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
@@ -54,12 +55,6 @@ int read_log(struct tpm_chip *chip)
struct tpm_bios_log *log;
 
log = >log;
-   if (log->bios_event_log != NULL) {
-   printk(KERN_ERR
-  "%s: ERROR - Eventlog already initialized\n",
-  __func__);
-   return -EFAULT;
-   }
 
/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
status = acpi_get_table(ACPI_SIG_TCPA, 1,
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index bb142f2..b60c028 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -365,6 +365,24 @@ static int is_bad(void *p)
return 0;
 }
 
+int read_log(struct tpm_chip *chip)
+{
+   int rc;
+
+   if (chip->log.bios_event_log != NULL) {
+   dev_dbg(>dev, "%s: ERROR - Eventlog already 
initialized\n",
+   __func__);
+   return -EFAULT;
+   }
+
+   rc = read_log_acpi(chip);
+   if ((rc == 0) || (rc == -ENOMEM))
+   return rc;
+   rc = read_log_of(chip);
+   return rc;
+
+}
+
 int tpm_bios_log_setup(struct tpm_chip *chip)
 {
const char *name = dev_name(>dev);
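Review bot: In read_log(), every read_log_acpi() failure other than -ENOMEM falls through to read_log_of(), so an ACPI-side error is silently replaced by whatever the OF path returns. Falling through only when rc == -ENODEV (the value the stubs in tpm_eventlog.h return for an unsupported backend) would keep real ACPI errors visible. Smaller points: the "already initialized" message says ERROR but is emitted with dev_dbg(), and there is a stray blank line before the closing brace.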
diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
index 6df2f8e..be529ad 100644
--- a/drivers/char/tpm/tpm_eventlog.h
+++ b/drivers/char/tpm/tpm_eventlog.h
@@ -73,20 +73,24 @@ enum tcpa_pc_event_ids {
HOST_TABLE_OF_DEVICES,
 };
 
-int read_log(struct tpm_chip *chip);
-
-#if defined(CONFIG_TCG_IBMVTPM) || defined(CONFIG_TCG_IBMVTPM_MODULE) || \
-   defined(CONFIG_ACPI)
-extern int tpm_bios_log_setup(struct tpm_chip *chip);
-extern void tpm_bios_log_teardown(struct tpm_chip *chip);
+#if defined(CONFIG_ACPI)
+int read_log_acpi(struct tpm_chip *chip);
 #else
-static inline int tpm_bios_log_setup(struct tpm_chip *chip)
+static inline int read_log_acpi(struct tpm_chip *chip)
 {
-   return 0;
+   return -ENODEV;
 }
-static inline void tpm_bios_log_teardown(struct tpm_chip *chip)
+#endif
+#if defined(CONFIG_OF)
+int read_log_of(struct tpm_chip *chip);
+#else
+static inline int read_log_of(struct tpm_chip *chip)
 {
+   return -ENODEV;
 }
 #endif
 
+int tpm_bios_log_setup(struct tpm_chip *chip);
+void tpm_bios_log_teardown(struct tpm_chip *chip);
+
 #endif
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 68d891a..7c30752 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -2,6 +2,7 @@
  * Copyright 2012 IBM Corporation
  *
  * Author:

[tpmdd-devel] [PATCH v5 1/7] tpm: define a generic open() method for ascii & bios measurements

2016-10-18 Thread Nayna Jain
The open() methods for the event log ascii and binary bios measurements
file operations are very similar. This patch refactors the code into a
single open() call by passing seq_operations as i_node->private data.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm_eventlog.c | 59 +
 1 file changed, 13 insertions(+), 46 deletions(-)

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index e722886..75e6644 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -7,6 +7,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -318,12 +319,14 @@ static const struct seq_operations 
tpm_binary_b_measurments_seqops = {
.show = tpm_binary_bios_measurements_show,
 };
 
-static int tpm_ascii_bios_measurements_open(struct inode *inode,
+static int tpm_bios_measurements_open(struct inode *inode,
struct file *file)
 {
int err;
struct tpm_bios_log *log;
struct seq_file *seq;
+   const struct seq_operations *seqops =
+   (const struct seq_operations *)inode->i_private;
 
log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
if (!log)
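Review bot: The explicit cast on inode->i_private is not needed, since i_private is a void * and converts implicitly: `const struct seq_operations *seqops = inode->i_private;`. open() also trusts i_private to be non-NULL, which holds only because both securityfs_create_file() calls later in this patch pass a seqops pointer; a one-line comment saying so would help the next reader.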
@@ -333,7 +336,7 @@ static int tpm_ascii_bios_measurements_open(struct inode 
*inode,
goto out_free;
 
/* now register seq file */
-   err = seq_open(file, _ascii_b_measurments_seqops);
+   err = seq_open(file, seqops);
if (!err) {
seq = file->private_data;
seq->private = log;
@@ -349,46 +352,8 @@ out_free:
goto out;
 }
 
-static const struct file_operations tpm_ascii_bios_measurements_ops = {
-   .open = tpm_ascii_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int tpm_binary_bios_measurements_open(struct inode *inode,
-struct file *file)
-{
-   int err;
-   struct tpm_bios_log *log;
-   struct seq_file *seq;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   if ((err = read_log(log)))
-   goto out_free;
-
-   /* now register seq file */
-   err = seq_open(file, _binary_b_measurments_seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = log;
-   } else {
-   goto out_free;
-   }
-
-out:
-   return err;
-out_free:
-   kfree(log->bios_event_log);
-   kfree(log);
-   goto out;
-}
-
-static const struct file_operations tpm_binary_bios_measurements_ops = {
-   .open = tpm_binary_bios_measurements_open,
+static const struct file_operations tpm_bios_measurements_ops = {
+   .open = tpm_bios_measurements_open,
.read = seq_read,
.llseek = seq_lseek,
.release = tpm_bios_measurements_release,
@@ -413,15 +378,17 @@ struct dentry **tpm_bios_log_setup(const char *name)
 
bin_file =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _binary_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_binary_b_measurments_seqops,
+  _bios_measurements_ops);
if (is_bad(bin_file))
goto out_tpm;
 
ascii_file =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _ascii_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_ascii_b_measurments_seqops,
+  _bios_measurements_ops);
if (is_bad(ascii_file))
goto out_bin;
 
-- 
2.5.0




[tpmdd-devel] [PATCH v5 4/7] tpm: fix the race condition between event log access and chip getting unregistered

2016-10-18 Thread Nayna Jain
Currently, the event log file operations are not serialized with
tpm_chip_unregister(), which can possibly cause a race condition.

This patch fixes the race condition by:
 - moving read_log() from fops to chip register.
 - disallowing event log file operations when chip unregister is in
   progress.
 - guarding event log memory using chip krefs.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-chip.c |  1 +
 drivers/char/tpm/tpm.h  | 11 ++
 drivers/char/tpm/tpm_acpi.c | 12 +--
 drivers/char/tpm/tpm_eventlog.c | 80 ++---
 drivers/char/tpm/tpm_eventlog.h |  2 +-
 drivers/char/tpm/tpm_of.c   |  4 ++-
 6 files changed, 76 insertions(+), 34 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index eac1f10..813e0d7 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -127,6 +127,7 @@ static void tpm_dev_release(struct device *dev)
idr_remove(_nums_idr, chip->dev_num);
mutex_unlock(_lock);
 
+   kfree(chip->log.bios_event_log);
kfree(chip);
 }
 
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 4c118a4..bfe93e6 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -35,6 +35,8 @@
 #include 
 #include 
 
+#include "tpm_eventlog.h"
+
 enum tpm_const {
TPM_MINOR = 224,/* officially assigned */
TPM_BUFSIZE = 4096,
@@ -146,6 +148,11 @@ enum tpm_chip_flags {
TPM_CHIP_FLAG_VIRTUAL   = BIT(3),
 };
 
+struct tpm_chip_seqops {
+   struct tpm_chip *chip;
+   const struct seq_operations *seqops;
+};
+
 struct tpm_chip {
struct device dev;
struct cdev cdev;
@@ -157,6 +164,10 @@ struct tpm_chip {
struct rw_semaphore ops_sem;
const struct tpm_class_ops *ops;
 
+   struct tpm_bios_log log;
+   struct tpm_chip_seqops bin_log_seqops;
+   struct tpm_chip_seqops ascii_log_seqops;
+
unsigned int flags;
 
int dev_num;/* /dev/tpm# */
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 565a947..4d6c2d7 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -45,13 +45,15 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_bios_log *log)
+int read_log(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
void __iomem *virt;
u64 len, start;
+   struct tpm_bios_log *log;
 
+   log = >log;
if (log->bios_event_log != NULL) {
printk(KERN_ERR
   "%s: ERROR - Eventlog already initialized\n",
@@ -97,13 +99,17 @@ int read_log(struct tpm_bios_log *log)
 
virt = acpi_os_map_iomem(start, len);
if (!virt) {
-   kfree(log->bios_event_log);
printk("%s: ERROR - Unable to map memory\n", __func__);
-   return -EIO;
+   goto err;
}
 
memcpy_fromio(log->bios_event_log, virt, len);
 
acpi_os_unmap_iomem(virt, len);
return 0;
+
+err:
+   kfree(log->bios_event_log);
+   return -EIO;
+
 }
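Review bot: The new err: label frees log->bios_event_log but leaves the pointer set, and log now points into the long-lived chip (chip->log) rather than a per-open allocation. The tpm-chip.c hunk in this same patch adds kfree(chip->log.bios_event_log) to tpm_dev_release(), so a failed acpi_os_map_iomem() leads to a second kfree() of the same buffer when the chip is released, and the "already initialized" check at the top of read_log() would also see the stale pointer. Set log->bios_event_log = NULL after the kfree() in the error path. There is also a stray blank line before the closing brace.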
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 753e92d..bb142f2 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -73,7 +73,8 @@ static const char* tcpa_pc_event_id_strings[] = {
 static void *tpm_bios_measurements_start(struct seq_file *m, loff_t *pos)
 {
loff_t i;
-   struct tpm_bios_log *log = m->private;
+   struct tpm_chip *chip = m->private;
+   struct tpm_bios_log *log = >log;
void *addr = log->bios_event_log;
void *limit = log->bios_event_log_end;
struct tcpa_event *event;
@@ -120,7 +121,8 @@ static void *tpm_bios_measurements_next(struct seq_file *m, 
void *v,
loff_t *pos)
 {
struct tcpa_event *event = v;
-   struct tpm_bios_log *log = m->private;
+   struct tpm_chip *chip = m->private;
+   struct tpm_bios_log *log = >log;
void *limit = log->bios_event_log_end;
u32 converted_event_size;
u32 converted_event_type;
@@ -261,13 +263,10 @@ static int tpm_binary_bios_measurements_show(struct 
seq_file *m, void *v)
 static int tpm_bios_measurements_release(struct inode *inode,
 struct file *file)
 {
-   struct seq_file *seq = file->private_data;
-   struct tpm_bios_log *log = seq->private;
+   struct seq_file *seq = (struct seq_file *)file->private_data;
+   struct tpm_chip *chip = (struct tpm_chip *)seq->private;
 
-   if (log) {
-   kfree(log->bios_event_log);
-   kfree(log);
-   }
+   put_device(>dev);
 
  

[tpmdd-devel] [PATCH v5 2/7] tpm: replace dynamically allocated bios_dir with a static array

2016-10-18 Thread Nayna Jain
From: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>

This commit is based on a commit by Nayna Jain. Replaced dynamically
allocated bios_dir with a static array as the size is always constant.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm-chip.c |  9 ---
 drivers/char/tpm/tpm.h  |  3 ++-
 drivers/char/tpm/tpm_eventlog.c | 60 +++--
 drivers/char/tpm/tpm_eventlog.h | 10 +++
 4 files changed, 39 insertions(+), 43 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index e595013..a56b609 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -278,14 +278,16 @@ static void tpm_del_char_device(struct tpm_chip *chip)
 
 static int tpm1_chip_register(struct tpm_chip *chip)
 {
+   int rc;
+
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return 0;
 
tpm_sysfs_add_device(chip);
 
-   chip->bios_dir = tpm_bios_log_setup(dev_name(>dev));
+   rc = tpm_bios_log_setup(chip);
 
-   return 0;
+   return rc;
 }
 
 static void tpm1_chip_unregister(struct tpm_chip *chip)
@@ -293,8 +295,7 @@ static void tpm1_chip_unregister(struct tpm_chip *chip)
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return;
 
-   if (chip->bios_dir)
-   tpm_bios_log_teardown(chip->bios_dir);
+   tpm_bios_log_teardown(chip);
 }
 
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 4d183c9..4c118a4 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -40,6 +40,7 @@ enum tpm_const {
TPM_BUFSIZE = 4096,
TPM_NUM_DEVICES = 65536,
TPM_RETRY = 50, /* 5 seconds */
+   TPM_NUM_EVENT_LOG_FILES = 3,
 };
 
 enum tpm_timeout {
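
Review bot: TPM_NUM_EVENT_LOG_FILES = 3 counts the securityfs directory as a file; the array it sizes holds one directory and two files. A name such as TPM_NUM_EVENT_LOG_ENTRIES, or a short comment beside the constant saying what the three slots are, would keep a later reader from assuming three measurement files.
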
@@ -171,7 +172,7 @@ struct tpm_chip {
unsigned long duration[3]; /* jiffies */
bool duration_adjusted;
 
-   struct dentry **bios_dir;
+   struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES];
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 75e6644..c1c92d9 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -368,54 +368,48 @@ static int is_bad(void *p)
return 0;
 }
 
-struct dentry **tpm_bios_log_setup(const char *name)
+int tpm_bios_log_setup(struct tpm_chip *chip)
 {
-   struct dentry **ret = NULL, *tpm_dir, *bin_file, *ascii_file;
+   const char *name = dev_name(>dev);
+   unsigned int cnt;
 
-   tpm_dir = securityfs_create_dir(name, NULL);
-   if (is_bad(tpm_dir))
-   goto out;
+   cnt = 0;
+   chip->bios_dir[cnt] =
+   securityfs_create_dir(name, NULL);
+   if (is_bad(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
 
-   bin_file =
+   chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  S_IRUSR | S_IRGRP, chip->bios_dir[0],
   (void *)_binary_b_measurments_seqops,
   _bios_measurements_ops);
-   if (is_bad(bin_file))
-   goto out_tpm;
+   if (is_bad(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
 
-   ascii_file =
+   chip->bios_dir[cnt] =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  S_IRUSR | S_IRGRP, chip->bios_dir[0],
   (void *)_ascii_b_measurments_seqops,
   _bios_measurements_ops);
-   if (is_bad(ascii_file))
-   goto out_bin;
+   if (is_bad(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
 
-   ret = kmalloc(3 * sizeof(struct dentry *), GFP_KERNEL);
-   if (!ret)
-   goto out_ascii;
-
-   ret[0] = ascii_file;
-   ret[1] = bin_file;
-   ret[2] = tpm_dir;
-
-   return ret;
+   return 0;
 
-out_ascii:
-   securityfs_remove(ascii_file);
-out_bin:
-   securityfs_remove(bin_file);
-out_tpm:
-   securityfs_remove(tpm_dir);
-out:
-   return NULL;
+err:
+   chip->bios_dir[cnt] = NULL;
+   tpm_bios_log_teardown(chip);
+   return -EIO;
 }
 
-void tpm_bios_log_teardown(struct dentry **lst)
+void tpm_bios_log_teardown(struct tpm_chip *chip)
 {
int i;
 
-   for (i = 0; i < 3; i++)
-   securityfs_remove(lst[i]);
+   for (i = (TPM_NUM_EVENT_LOG_FILES - 1); i >= 0; i--)
+
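
Review bot: the err: path clears only chip->bios_dir[cnt] before calling tpm_bios_log_teardown(), which then walks all TPM_NUM_EVENT_LOG_FILES slots from the top down. Slots above cnt are never written in this function, so this is safe only if the chip structure was zero-initialised and setup has not run before; either NULL the whole array on entry or document that assumption. The teardown loop body is cut off here, so check as well that each slot is reset to NULL after securityfs_remove(), because teardown is now unconditional in tpm1_chip_unregister() and can run again on a chip whose setup already failed. Returning -EIO for every failure also hides the underlying securityfs error from the caller.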

[tpmdd-devel] [PATCH v5 6/7] tpm: replace of_find_node_by_name() with dev of_node property

2016-10-18 Thread Nayna Jain
Using the device of_node property is a better way to refer to the
device tree node rather than of_find_node_by_name().

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm_of.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 7c30752..22b8f81 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -29,7 +29,8 @@ int read_log_of(struct tpm_chip *chip)
struct tpm_bios_log *log;
 
log = >log;
-   np = of_find_node_by_name(NULL, "vtpm");
+   if (chip->dev.parent->of_node)
+   np = chip->dev.parent->of_node;
if (!np) {
pr_err("%s: ERROR - IBMVTPM not supported\n", __func__);
return -ENODEV;
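
Review bot: the conditional assignment leaves np untouched when chip->dev.parent->of_node is NULL, so the following `if (!np)` test depends on np having been initialised to NULL at its declaration, which is outside this hunk. Assigning unconditionally, `np = chip->dev.parent->of_node;`, is shorter and removes that dependency. chip->dev.parent is also dereferenced without a NULL check; if a chip can be registered without a parent device this needs a guard.
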
@@ -55,18 +56,15 @@ int read_log_of(struct tpm_chip *chip)
if (!log->bios_event_log) {
pr_err("%s: ERROR - Not enough memory for BIOS measurements\n",
   __func__);
-   of_node_put(np);
return -ENOMEM;
}
 
log->bios_event_log_end = log->bios_event_log + *sizep;
 
memcpy(log->bios_event_log, __va(*basep), *sizep);
-   of_node_put(np);
 
return 0;
 
 cleanup_eio:
-   of_node_put(np);
return -EIO;
 }
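
Review bot: dropping the of_node_put() calls is correct now that np is borrowed from the parent device instead of coming from of_find_node_by_name(), which returned a counted reference. After this change the cleanup_eio label does nothing except `return -EIO;`, so the goto sites could return directly and the label could go.
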
-- 
2.5.0




[tpmdd-devel] [PATCH v5 3/7] tpm: drop tpm1_chip_register(/unregister)

2016-10-18 Thread Nayna Jain
From: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>

Check for TPM2 chip in tpm_sysfs_add_device, tpm_bios_log_setup and
tpm_bios_log_teardown in order to make code flow cleaner and to enable
to implement TPM 2.0 support later on. This is partially derived from
the commit by Nayna Jain with the extension that also tpm1_chip_register
is dropped.

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
 drivers/char/tpm/tpm-chip.c | 31 +--
 drivers/char/tpm/tpm-sysfs.c|  3 +++
 drivers/char/tpm/tpm_eventlog.c |  3 +++
 3 files changed, 11 insertions(+), 26 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index a56b609..eac1f10 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -276,28 +276,6 @@ static void tpm_del_char_device(struct tpm_chip *chip)
up_write(>ops_sem);
 }
 
-static int tpm1_chip_register(struct tpm_chip *chip)
-{
-   int rc;
-
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return 0;
-
-   tpm_sysfs_add_device(chip);
-
-   rc = tpm_bios_log_setup(chip);
-
-   return rc;
-}
-
-static void tpm1_chip_unregister(struct tpm_chip *chip)
-{
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return;
-
-   tpm_bios_log_teardown(chip);
-}
-
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
 {
struct attribute **i;
@@ -364,7 +342,9 @@ int tpm_chip_register(struct tpm_chip *chip)
return rc;
}
 
-   rc = tpm1_chip_register(chip);
+   tpm_sysfs_add_device(chip);
+
+   rc = tpm_bios_log_setup(chip);
if (rc)
return rc;
 
@@ -372,7 +352,7 @@ int tpm_chip_register(struct tpm_chip *chip)
 
rc = tpm_add_char_device(chip);
if (rc) {
-   tpm1_chip_unregister(chip);
+   tpm_bios_log_teardown(chip);
return rc;
}
 
@@ -407,8 +387,7 @@ void tpm_chip_unregister(struct tpm_chip *chip)
return;
 
tpm_del_legacy_sysfs(chip);
-
-   tpm1_chip_unregister(chip);
+   tpm_bios_log_teardown(chip);
tpm_del_char_device(chip);
 }
 EXPORT_SYMBOL_GPL(tpm_chip_unregister);
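
Review bot: in tpm_chip_unregister() the event log is torn down before tpm_del_char_device(), while tpm_chip_register() sets the log up before tpm_add_char_device(), so unregister is not the mirror image of register. The order is inherited from the old code, but since this patch rewrites both call sites it is a good place either to reorder or to add a comment saying why the log has to go first.
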
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
index a76ab4a..1eca5ec 100644
--- a/drivers/char/tpm/tpm-sysfs.c
+++ b/drivers/char/tpm/tpm-sysfs.c
@@ -284,6 +284,9 @@ static const struct attribute_group tpm_dev_group = {
 
 void tpm_sysfs_add_device(struct tpm_chip *chip)
 {
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   return;
+
/* The sysfs routines rely on an implicit tpm_try_get_ops, device_del
 * is called before ops is null'd and the sysfs core synchronizes this
 * removal so that no callbacks are running or can run again
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index c1c92d9..753e92d 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -373,6 +373,9 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
const char *name = dev_name(>dev);
unsigned int cnt;
 
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   return 0;
+
cnt = 0;
chip->bios_dir[cnt] =
securityfs_create_dir(name, NULL);
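
Review bot: the commit message says the TPM2 check is added to tpm_sysfs_add_device, tpm_bios_log_setup and tpm_bios_log_teardown, but this is the only hunk in tpm_eventlog.c and the diffstat shows three insertions for the file, all of them here. Either add the same early return to tpm_bios_log_teardown() or correct the message; as posted, teardown on a TPM 2.0 chip still iterates bios_dir[] and relies on every slot being NULL.
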
-- 
2.5.0




[tpmdd-devel] [PATCH v5 0/7] tpm: cleanup/fixes in existing event log support

2016-10-18 Thread Nayna Jain
This patch set includes the cleanup and bug fixes patches, previously
part of the "tpm: add the securityfs pseudo files support for TPM 2.0
firmware event log" patch set, in order to upstream them more quickly.

Changelog History

v5:

- Moved cleanup/fixes patches into this patch set.
- Patch "fix the race condition between event log access and chip
getting unregistered"
  - updated subject line and commit description.
  - modified fops code to use chip kref.
  - modified fops to lock inode before accessing inode private data.
  - renamed tpm_securityfs_data to tpm_chip_seqops, as it no more
holds bios log, but associates seqops with respective chip. For
the same reason, moved it to tpm.h
- Patch "replace or remove printk error messages"
  - cleaned up dev_dbg and used dev_info as applicable.

v4:

- Includes feedback from Jarkko and Jason.
- Patch "tpm: define a generic open() method for ascii & bios
measurements".
  - Fix indentation issue.
- Patch "tpm: replace the dynamically allocated bios_dir as
struct dentry array".
  - Continue to use bios_dir_count variable to use is_bad() checks and
to maintain correct order for securityfs_remove() during teardown.
  - Reset chip->bios_dir_count in teardown() function.
- Patch "tpm: validate the event log access before tpm_bios_log_setup".
  - Retain TPM2 check which was removed in previous patch.
  - Add tpm_bios_log_setup failure handling.
  - Remove use of private data from v3 version of patch. Add a new
  member to struct tpm_chip to achieve the same purpose.
- Patch "tpm: redefine the read_log method to check for ACPI/OF 
properties sequentially".
  - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to
  this patch from patch 3.
  - Replace -1 error code with -ENODEV.
- Patch "tpm: replace the of_find_node_by_name() with dev of_node
property".
  - Uses chip->dev.parent->of_node.
  - Created separate patch for cleanup of pr_err 
  messages.
- Patch "tpm: remove printk error messages".
  - New Patch.
- Patch "tpm: add the securityfs file support for TPM 2.0 event log".
  - Parses event digests using event alg_id rather than event log header
alg_id.
  - Uses of_property_match_string to differentiate tpm/vtpm compatible
property.
  - Adds the comment for difference in tpm/vtpm endianness.

v3:

- Includes the review feedback as suggested by Jason.
- Split of patches into one patch per idea.
- Generic open() method for ascii/bios measurements.
- Replacement of **bios_dir with *bios_dir[3].
- Verifying readlog() is successful before creating securityfs entries.
- Generic readlog() to check for ACPI/OF in sequence.
- read_log_of() method now uses of_node property rather than
  calling find_device_by_name.
- read_log differentiates vtpm/tpm using its compatible property.
- Cleans pr_err with dev_dbg.
- Commit msgs subject line prefixed with tpm.

v2:

- Fixes issues as given in feedback by Jason.
- Adds documentation for device tree.

Jarkko Sakkinen (2):
  tpm: replace dynamically allocated bios_dir with a static array
  tpm: drop tpm1_chip_register(/unregister)

Nayna Jain (5):
  tpm: define a generic open() method for ascii & bios measurements
  tpm: fix the race condition between event log access and chip getting
unregistered
  tpm: redefine read_log() to handle ACPI/OF at runtime
  tpm: replace of_find_node_by_name() with dev of_node property
  tpm: replace or remove printk error messages

 drivers/char/tpm/Makefile   |  14 +--
 drivers/char/tpm/tpm-chip.c |  31 ++
 drivers/char/tpm/tpm-sysfs.c|   3 +
 drivers/char/tpm/tpm.h  |  14 ++-
 drivers/char/tpm/tpm_acpi.c |  36 +++
 drivers/char/tpm/tpm_eventlog.c | 208 
 drivers/char/tpm/tpm_eventlog.h |  22 +++--
 drivers/char/tpm/tpm_of.c   |  46 -
 8 files changed, 176 insertions(+), 198 deletions(-)

-- 
2.5.0




[tpmdd-devel] [PATCH 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

2016-10-08 Thread Nayna Jain
As per the TCG 2.0 spec, the extend operation should be done to
all active PCR banks. However, current TPM 2.0 support doesn't
have the capability implemented to get active PCR banks.

This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve active PCR banks from the TPM.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-chip.c |  4 +++
 drivers/char/tpm/tpm.h  |  8 -
 drivers/char/tpm/tpm2-cmd.c | 80 +
 drivers/char/tpm/tpm2.h | 35 
 4 files changed, 126 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 72715fa..667240b 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include "tpm.h"
+#include "tpm2.h"
 #include "tpm_eventlog.h"
 
 DEFINE_IDR(dev_nums_idr);
@@ -364,6 +365,9 @@ int tpm_chip_register(struct tpm_chip *chip)
 
chip->flags |= TPM_CHIP_FLAG_REGISTERED;
 
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   tpm2_get_active_pcr_banks(chip);
+
rc = tpm_add_legacy_sysfs(chip);
if (rc) {
tpm_chip_unregister(chip);
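
Review bot: the return value of tpm2_get_active_pcr_banks() is discarded at the call added to tpm_chip_register(). If the capability query fails, the chip is registered with whatever no_of_active_banks and active_banks[] happen to contain, and nothing is logged. Check the result and either fail registration or fall back to a defined default such as a single SHA1 bank.
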
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 989227a..70f5ac4 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -36,6 +36,9 @@
 #include 
 
 #include "tpm_eventlog.h"
+#include "tpm2.h"
+
+#define TPM2_ACTIVE_BANKS_COUNTHASH_COUNT
 
 enum tpm_const {
TPM_MINOR = 224,/* officially assigned */
@@ -126,6 +129,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+   TPM2_CAP_PCRS   = 5,
TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -167,6 +171,9 @@ struct tpm_chip {
int dev_num;/* /dev/tpm# */
unsigned long is_open;  /* only one allowed */
 
+   int no_of_active_banks; /* Applicable on TPM2.0 */
+   enum tpm2_algorithms active_banks[TPM2_ACTIVE_BANKS_COUNT];
+
struct mutex tpm_mutex; /* tpm is processing */
 
unsigned long timeout_a; /* jiffies */
@@ -526,7 +533,6 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
 #endif
 
 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
 int tpm2_seal_trusted(struct tpm_chip *chip,
  struct trusted_key_payload *payload,
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 7df55d5..c597cf3c 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -100,6 +100,8 @@ union tpm2_cmd_params {
struct  tpm2_pcr_extend_in  pcrextend_in;
struct  tpm2_get_tpm_pt_in  get_tpm_pt_in;
struct  tpm2_get_tpm_pt_out get_tpm_pt_out;
+   struct  tpm2_get_cap_in get_cap_in;
+   struct  tpm2_get_cap_outget_cap_out;
struct  tpm2_get_random_in  getrandom_in;
struct  tpm2_get_random_out getrandom_out;
 };
@@ -990,3 +992,81 @@ out:
rc = -ENODEV;
return rc;
 }
+
+#define TPM2_GET_CAPABILITY_IN_SIZE \
+   (sizeof(struct tpm_input_header) + \
+sizeof(struct tpm2_get_cap_in))
+
+static const struct tpm_input_header tpm2_get_capability_header = {
+   .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
+   .length = cpu_to_be32(TPM2_GET_CAPABILITY_IN_SIZE),
+   .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
+};
+
+int tpm2_get_capability(struct tpm_chip *chip, struct tpm2_get_cap_in *cap_in,
+   struct tpm2_get_cap_out *cap_out)
+{
+
+   struct tpm2_cmd cmd;
+   int rc;
+   u32 cap_id;
+
+   cmd.header.in = tpm2_get_capability_header;
+   cmd.params.get_cap_in.cap_id = cpu_to_be32(cap_in->cap_id);
+   cmd.params.get_cap_in.property_id = cpu_to_be32(cap_in->property_id);
+   cmd.params.get_cap_in.property_cnt = cpu_to_be32(cap_in->property_cnt);
+
+   rc = tpm_transmit_cmd(chip, (const char *) , sizeof(cmd), 0,
+ "attempting get capability operation");
+   if (rc < 0)
+   return rc;
+   cap_id = be32_to_cpu(cmd.params.get_cap_out.cap_data.cap_id);
+
+   switch (cap_id) {
+   case TPM2_CAP_PCRS:
+   memcpy(_out->cap_data, _cap_out.cap_data,
+  sizeof(cmd.params.get_cap_out.cap_data));
+   break;
+   default:
+   return -EOPNOTSUPP;
+   }
+
+   return rc;
+}
+
+int tpm2_get_active_pcr_banks(struct tpm_chip *chip)
+{
+   struct tpm2_get_cap_in cap_in;
+   struct tpm2_get_cap_out cap_out;
+   struct tpm2_tpms_pcr_selection *pcr_selection;
+   void *marker;
+   u32 cap_id;
+   int rc, count, i;
+
+   cap_in.cap_id = T
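
Review bot: in tpm2_get_capability() only `rc < 0` is treated as failure after tpm_transmit_cmd(). A positive rc is a TPM error code, and in that case the code goes on to read cap_id and copy cap_data out of a response that does not carry them, then returns the positive value to a caller that may only test for a negative one. Return early on any nonzero rc. Two smaller points: the memcpy copies sizeof(cap_data) without regard to how many bytes the TPM actually returned, and the blank line after the opening brace of the function should go.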

[tpmdd-devel] [PATCH 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

2016-10-08 Thread Nayna Jain
Like TPM 1.2, the current device driver for TPM 2.0 supports
extending only to the SHA1 PCR bank. But the TPM 2.0 supports multiple
PCR banks and the specification recommends extending to all active PCR
banks. This patch enhances the existing device driver support for
TPM 2.0 extend function and its in-kernel interface to extend to all
active PCR banks.

The existing in-kernel interface expects only a SHA1 digest.
Hence, to extend all active PCR banks with differing digest sizes
for TPM 2.0, the SHA1 digest is padded with trailing 0's as needed.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-interface.c | 17 --
 drivers/char/tpm/tpm2-cmd.c  | 71 ++--
 drivers/char/tpm/tpm2.h  | 18 ++
 3 files changed, 79 insertions(+), 27 deletions(-)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 7743e8a..5dd5005 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -7,6 +7,7 @@
  * Dave Safford <saff...@watson.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -32,6 +33,7 @@
 #include 
 
 #include "tpm.h"
+#include "tpm2.h"
 #include "tpm_eventlog.h"
 
 #define TPM_MAX_ORDINAL 243
@@ -752,7 +754,7 @@ static const struct tpm_input_header pcrextend_header = {
 int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 {
struct tpm_cmd_t cmd;
-   int rc;
+   int i, rc;
struct tpm_chip *chip;
 
chip = tpm_chip_find_get(chip_num);
@@ -760,7 +762,18 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 
*hash)
return -ENODEV;
 
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
-   rc = tpm2_pcr_extend(chip, pcr_idx, hash);
+   struct tpml_digest_values d_values;
+
+   memset(_values, 0, sizeof(d_values));
+
+   for (i = 0; i < chip->no_of_active_banks; i++) {
+   d_values.digests[i].alg_id =
+   chip->active_banks[i];
+   memcpy(d_values.digests[i].digest, hash,
+  TPM_DIGEST_SIZE);
+   d_values.count++;
+   }
+   rc = tpm2_pcr_extend(chip, pcr_idx, _values);
tpm_put_ops(chip);
return rc;
}
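
Review bot: the loop in the TPM2 branch trusts chip->no_of_active_banks in both directions. If it is 0, for example because the capability query from patch 1/2 failed, tpm2_pcr_extend() is called with d_values.count == 0 and the measurement is extended into no bank at all; return an error when no banks are known. If it is larger than the capacity of d_values.digests[], the writes run past the local structure; bound i by the array size as well. A comment at the memcpy would also help, saying that only TPM_DIGEST_SIZE bytes are copied and the rest of each digest stays zero from the memset, since that is the padding the commit message describes.
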
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index c597cf3c..8ba2992 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -16,6 +16,7 @@
  */
 
 #include "tpm.h"
+#include "tpm2.h"
 #include 
 #include 
 
@@ -53,22 +54,6 @@ struct tpm2_pcr_read_out {
u8  digest[TPM_DIGEST_SIZE];
 } __packed;
 
-struct tpm2_null_auth_area {
-   __be32  handle;
-   __be16  nonce_size;
-   u8  attributes;
-   __be16  auth_size;
-} __packed;
-
-struct tpm2_pcr_extend_in {
-   __be32  pcr_idx;
-   __be32  auth_area_size;
-   struct tpm2_null_auth_area  auth_area;
-   __be32  digest_cnt;
-   __be16  hash_alg;
-   u8  digest[TPM_DIGEST_SIZE];
-} __packed;
-
 struct tpm2_get_tpm_pt_in {
__be32  cap_id;
__be32  property_id;
@@ -300,38 +285,74 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 
*res_buf)
 
 static const struct tpm_input_header tpm2_pcrextend_header = {
.tag = cpu_to_be16(TPM2_ST_SESSIONS),
-   .length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
.ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
 };
 
 /**
  * tpm2_pcr_extend() - extend a PCR value
- * @chip:  TPM chip to use.
- * @pcr_idx:   index of the PCR.
- * @hash:  hash value to use for the extend operation.
+ * @chip:  TPM chip to use.
+ * @pcr_idx:   index of the PCR.
+ * @digest_values: list of hash values to be extended.
  *
  * 0 is returned when the operation is successful. If a negative number is
  * returned it remarks a POSIX error code. If a positive number is returned
  * it remarks a TPM error.
  */
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
+int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
+   struct tpml_digest_values *digest_list)
 {
struct tpm2_cmd cmd;
-   int rc;
+   int i, j, rc;
+   void *marker;
+   size_t size;
+   u32 halg_size;
+   u16 halg;
 
cmd.header.in = tpm2_pcrextend_header;
+   size = sizeof(struct tpm_input_header);
+
cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
+   size = size + sizeof(cmd.params
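
Review bot: the kernel-doc names the new parameter @digest_values, but the function signature calls it digest_list; make the two agree so the comment documents the real argument. Also, `.length` was removed from tpm2_pcrextend_header, so the function has to set the header length from the computed size on every path before transmitting. The part of the function that would do this is cut off here.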

[tpmdd-devel] [PATCH 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

2016-10-08 Thread Nayna Jain
The existing in-kernel interface for extending a TPM PCR extends
the SHA1 PCR bank. For TPM 1.2, that is the one and only PCR bank
defined. TPM 2.0 adds support for multiple PCR banks, to support
different hash algorithms. The TPM 2.0 Specification[1]
recommends extending all active PCR banks. This patch set enhances
the existing TPM 2.0 extend function and corresponding in-kernel
interface to support extending all active PCR banks.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the TPM 2.0 device driver extend function
to support extending multiple PCR banks. The existing in-kernel
interface expects only a SHA1 digest. Hence, to extend all active
PCR banks with differing digest sizes for TPM 2.0, the SHA1 digest
is padded with 0's as needed.

This approach is taken to maintain backwards compatibility for the
existing users (i.e. IMA) in order to continue working with both
TPM 1.2 and TPM 2.0 without any changes and still comply with the
TPM 2.0 Specification[1] requirement of extending all active PCR
banks.

This patch series has a prerequisite (header file tpm2.h) of TPM 2.0
event log patch series.

[1] TPM2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/tpm-chip.c  |   4 ++
 drivers/char/tpm/tpm-interface.c |  17 -
 drivers/char/tpm/tpm.h   |   8 ++-
 drivers/char/tpm/tpm2-cmd.c  | 151 ---
 drivers/char/tpm/tpm2.h  |  53 ++
 5 files changed, 205 insertions(+), 28 deletions(-)

-- 
2.5.0




[tpmdd-devel] [PATCH v4 3/8] tpm: validate event log access before tpm_bios_log_setup

2016-09-28 Thread Nayna Jain
Currently, the securityfs pseudo files for obtaining the firmware
event log are created whether the event log properties exist or not.
This patch creates ascii and bios measurements pseudo files
only if read_log() is successful.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h  |  6 +
 drivers/char/tpm/tpm_acpi.c | 12 +++---
 drivers/char/tpm/tpm_eventlog.c | 53 +++--
 drivers/char/tpm/tpm_eventlog.h |  7 +-
 drivers/char/tpm/tpm_of.c   |  4 +++-
 5 files changed, 48 insertions(+), 34 deletions(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index b5866bb..68630cd 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -35,6 +35,8 @@
 #include 
 #include 
 
+#include "tpm_eventlog.h"
+
 enum tpm_const {
TPM_MINOR = 224,/* officially assigned */
TPM_BUFSIZE = 4096,
@@ -156,6 +158,10 @@ struct tpm_chip {
struct rw_semaphore ops_sem;
const struct tpm_class_ops *ops;
 
+   struct tpm_bios_log log;
+   struct tpm_securityfs_data bin_sfs_data;
+   struct tpm_securityfs_data ascii_sfs_data;
+
unsigned int flags;
 
int dev_num;/* /dev/tpm# */
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 565a947..4d6c2d7 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -45,13 +45,15 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_bios_log *log)
+int read_log(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
void __iomem *virt;
u64 len, start;
+   struct tpm_bios_log *log;
 
+   log = >log;
if (log->bios_event_log != NULL) {
printk(KERN_ERR
   "%s: ERROR - Eventlog already initialized\n",
@@ -97,13 +99,17 @@ int read_log(struct tpm_bios_log *log)
 
virt = acpi_os_map_iomem(start, len);
if (!virt) {
-   kfree(log->bios_event_log);
printk("%s: ERROR - Unable to map memory\n", __func__);
-   return -EIO;
+   goto err;
}
 
memcpy_fromio(log->bios_event_log, virt, len);
 
acpi_os_unmap_iomem(virt, len);
return 0;
+
+err:
+   kfree(log->bios_event_log);
+   return -EIO;
+
 }
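
Review bot: the new err: label frees log->bios_event_log but leaves the pointer set. With this patch the log is embedded in struct tpm_chip and outlives the call, and read_log() starts by testing `log->bios_event_log != NULL`, so after a failed mapping the chip carries a dangling pointer that later code can read or free again. Set log->bios_event_log = NULL after the kfree(). The empty line before the closing brace can also be dropped.
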
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index f1df782..a8cd4a1 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -261,14 +261,6 @@ static int tpm_binary_bios_measurements_show(struct 
seq_file *m, void *v)
 static int tpm_bios_measurements_release(struct inode *inode,
 struct file *file)
 {
-   struct seq_file *seq = file->private_data;
-   struct tpm_bios_log *log = seq->private;
-
-   if (log) {
-   kfree(log->bios_event_log);
-   kfree(log);
-   }
-
return seq_release(inode, file);
 }
 
@@ -323,34 +315,19 @@ static int tpm_bios_measurements_open(struct inode *inode,
struct file *file)
 {
int err;
-   struct tpm_bios_log *log;
struct seq_file *seq;
-   const struct seq_operations *seqops =
-   (const struct seq_operations *)inode->i_private;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   err = read_log(log);
-   if (err)
-   goto out_free;
+   const struct tpm_securityfs_data *sfs_data =
+   (const struct tpm_securityfs_data *)inode->i_private;
+   const struct seq_operations *seqops = sfs_data->seqops;
 
/* now register seq file */
err = seq_open(file, seqops);
if (!err) {
seq = file->private_data;
-   seq->private = log;
-   } else {
-   goto out_free;
+   seq->private = sfs_data->log;
}
 
-out:
return err;
-out_free:
-   kfree(log->bios_event_log);
-   kfree(log);
-   goto out;
 }
 
 static const struct file_operations tpm_bios_measurements_ops = {
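
Review bot: tpm_bios_measurements_open() now stores sfs_data->log in seq->private without taking any reference on the chip, while sfs_data itself is a member of struct tpm_chip per the tpm.h hunk. A process that keeps binary_bios_measurements or ascii_bios_measurements open while the chip is unregistered will then read through a pointer into freed memory. Take a reference on the chip device in open and drop it in release, or otherwise tie the lifetime of the log to the open file. With the kfree() calls removed from release, the patch also needs to show where log->bios_event_log is freed once the chip goes away.
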
@@ -372,6 +349,18 @@ static int is_bad(void *p)
 int tpm_bios_log_setup(struct tpm_chip *chip)
 {
const char *name = dev_name(>dev);
+   int rc = 0;
+
+   rc = read_log(chip);
+   /*
+* read_log failure means event log is not supported except for ENOMEM
+*/
+   if (rc < 0) {
+   if (rc == -ENOMEM)
+   return rc;
+   else
+   return 0;
+   }
 
chip->bios_dir_count = 0;
chip->bios_dir[chip->bios_dir_count] =
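
Review bot: in tpm_bios_log_setup() every read_log() error other than -ENOMEM is turned into success. That matches the comment for a platform without a log, but it also swallows -EIO from a failed mapping, so a machine with a broken event log registers silently with no securityfs files. Consider emitting a message in that case. The `= 0` initialiser on rc is overwritten on the next line, and the else after a return is not needed.
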
@@ -380,19 +369,24 @@ int tpm_bios_log_setup(struct tpm_chip

[tpmdd-devel] [PATCH v4 1/8] tpm: define a generic open() method for ascii & bios measurements

2016-09-28 Thread Nayna Jain
open() method for event log ascii and binary bios measurements file
operations are very similar. This patch refactors the code into a
single open() call by passing seq_operations as i_node->private data.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
---
 drivers/char/tpm/tpm_eventlog.c | 59 +
 1 file changed, 13 insertions(+), 46 deletions(-)

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index e722886..75e6644 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -7,6 +7,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -318,12 +319,14 @@ static const struct seq_operations 
tpm_binary_b_measurments_seqops = {
.show = tpm_binary_bios_measurements_show,
 };
 
-static int tpm_ascii_bios_measurements_open(struct inode *inode,
+static int tpm_bios_measurements_open(struct inode *inode,
struct file *file)
 {
int err;
struct tpm_bios_log *log;
struct seq_file *seq;
+   const struct seq_operations *seqops =
+   (const struct seq_operations *)inode->i_private;
 
log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
if (!log)
@@ -333,7 +336,7 @@ static int tpm_ascii_bios_measurements_open(struct inode 
*inode,
goto out_free;
 
/* now register seq file */
-   err = seq_open(file, _ascii_b_measurments_seqops);
+   err = seq_open(file, seqops);
if (!err) {
seq = file->private_data;
seq->private = log;
@@ -349,46 +352,8 @@ out_free:
goto out;
 }
 
-static const struct file_operations tpm_ascii_bios_measurements_ops = {
-   .open = tpm_ascii_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int tpm_binary_bios_measurements_open(struct inode *inode,
-struct file *file)
-{
-   int err;
-   struct tpm_bios_log *log;
-   struct seq_file *seq;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   if ((err = read_log(log)))
-   goto out_free;
-
-   /* now register seq file */
-   err = seq_open(file, _binary_b_measurments_seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = log;
-   } else {
-   goto out_free;
-   }
-
-out:
-   return err;
-out_free:
-   kfree(log->bios_event_log);
-   kfree(log);
-   goto out;
-}
-
-static const struct file_operations tpm_binary_bios_measurements_ops = {
-   .open = tpm_binary_bios_measurements_open,
+static const struct file_operations tpm_bios_measurements_ops = {
+   .open = tpm_bios_measurements_open,
.read = seq_read,
.llseek = seq_lseek,
.release = tpm_bios_measurements_release,
@@ -413,15 +378,17 @@ struct dentry **tpm_bios_log_setup(const char *name)
 
bin_file =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _binary_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_binary_b_measurments_seqops,
+  _bios_measurements_ops);
if (is_bad(bin_file))
goto out_tpm;
 
ascii_file =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _ascii_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_ascii_b_measurments_seqops,
+  _bios_measurements_ops);
if (is_bad(ascii_file))
goto out_bin;
 
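
Review bot: both securityfs_create_file() calls cast the address of a const struct seq_operations to `void *`, which silently drops the const qualifier. It is restored in tpm_bios_measurements_open(), so nothing breaks, but a one-line comment at the call sites saying that i_private carries the seq_operations would make the pairing obvious. In the open function the explicit cast on inode->i_private is unnecessary, because it is already a void pointer.
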
-- 
2.5.0




[tpmdd-devel] [PATCH v4 6/8] tpm: remove printk error messages

2016-09-28 Thread Nayna Jain
This patch removes the unnecessary messages for failure to allocate
memory. It also replaces pr_err/printk with dev_dbg.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_acpi.c | 17 +
 drivers/char/tpm/tpm_of.c   | 26 ++
 2 files changed, 15 insertions(+), 28 deletions(-)

diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 859bdba..22e42da 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -60,11 +60,8 @@ int read_log_acpi(struct tpm_chip *chip)
status = acpi_get_table(ACPI_SIG_TCPA, 1,
(struct acpi_table_header **));
 
-   if (ACPI_FAILURE(status)) {
-   printk(KERN_ERR "%s: ERROR - Could not get TCPA table\n",
-  __func__);
+   if (ACPI_FAILURE(status))
return -EIO;
-   }
 
switch(buff->platform_class) {
case BIOS_SERVER:
@@ -78,25 +75,21 @@ int read_log_acpi(struct tpm_chip *chip)
break;
}
if (!len) {
-   printk(KERN_ERR "%s: ERROR - TCPA log area empty\n", __func__);
+   dev_dbg(>dev, "%s: ERROR - TCPA log area empty\n",
+   __func__);
return -EIO;
}
 
/* malloc EventLog space */
log->bios_event_log = kmalloc(len, GFP_KERNEL);
-   if (!log->bios_event_log) {
-   printk("%s: ERROR - Not enough  Memory for BIOS measurements\n",
-   __func__);
+   if (!log->bios_event_log)
return -ENOMEM;
-   }
 
log->bios_event_log_end = log->bios_event_log + len;
 
virt = acpi_os_map_iomem(start, len);
-   if (!virt) {
-   printk("%s: ERROR - Unable to map memory\n", __func__);
+   if (!virt)
goto err;
-   }
 
memcpy_fromio(log->bios_event_log, virt, len);
 
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 22b8f81..1464cae 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -31,40 +31,34 @@ int read_log_of(struct tpm_chip *chip)
log = >log;
if (chip->dev.parent->of_node)
np = chip->dev.parent->of_node;
-   if (!np) {
-   pr_err("%s: ERROR - IBMVTPM not supported\n", __func__);
+   if (!np)
return -ENODEV;
-   }
 
sizep = of_get_property(np, "linux,sml-size", NULL);
if (sizep == NULL) {
-   pr_err("%s: ERROR - SML size not found\n", __func__);
-   goto cleanup_eio;
+   dev_dbg(>dev, "%s: ERROR - SML size not found\n",
+   __func__);
+   return -EIO;
}
if (*sizep == 0) {
-   pr_err("%s: ERROR - event log area empty\n", __func__);
-   goto cleanup_eio;
+   dev_dbg(>dev, "%s: ERROR - event log area empty\n",
+   __func__);
+   return -EIO;
}
 
basep = of_get_property(np, "linux,sml-base", NULL);
if (basep == NULL) {
-   pr_err("%s: ERROR - SML not found\n", __func__);
-   goto cleanup_eio;
+   dev_dbg(>dev, "%s: ERROR - SML not found\n", __func__);
+   return -EIO;
}
 
log->bios_event_log = kmalloc(*sizep, GFP_KERNEL);
-   if (!log->bios_event_log) {
-   pr_err("%s: ERROR - Not enough memory for BIOS measurements\n",
-  __func__);
+   if (!log->bios_event_log)
return -ENOMEM;
-   }
 
log->bios_event_log_end = log->bios_event_log + *sizep;
 
memcpy(log->bios_event_log, __va(*basep), *sizep);
 
return 0;
-
-cleanup_eio:
-   return -EIO;
 }
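Review bot: The of_get_property() calls for "linux,sml-size" and "linux,sml-base" pass NULL for the length argument, and the returned pointers are then dereferenced and used directly as the kmalloc() size and as the memcpy() source address and length. Since this hunk already rewrites every error path in the function, consider fetching the property length and returning -EIO when a property is shorter than the value being read, so that a malformed device tree cannot lead to a read past the end of the property. Separately, the converted dev_dbg messages still carry the "ERROR -" prefix and __func__, which read oddly at debug level.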
-- 
2.5.0




[tpmdd-devel] [PATCH v4 4/8] tpm: redefine read_log() to handle ACPI/OF at runtime

2016-09-28 Thread Nayna Jain
Currently, read_log() has two implementations: one for ACPI platforms
and the other for OF platforms. The proper one is selected at compile
time using Kconfig and #ifdef in the Makefile, which is not the
recommended approach.

This patch removes the #ifdef in the Makefile by defining a single
read_log() method, which checks for ACPI/OF event log properties at
runtime.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
---
 drivers/char/tpm/Makefile   | 14 --
 drivers/char/tpm/tpm_acpi.c |  9 ++---
 drivers/char/tpm/tpm_eventlog.c | 18 ++
 drivers/char/tpm/tpm_eventlog.h | 22 +-
 drivers/char/tpm/tpm_of.c   |  8 ++--
 5 files changed, 39 insertions(+), 32 deletions(-)

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a385fb8..a05b1eb 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -2,16 +2,10 @@
 # Makefile for the kernel tpm device drivers.
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
-tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o
-tpm-$(CONFIG_ACPI) += tpm_ppi.o
-
-ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog.o tpm_acpi.o
-else
-ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog.o tpm_of.o
-endif
-endif
+tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
+   tpm_eventlog.o
+tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
+tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
 obj-$(CONFIG_TCG_TIS) += tpm_tis.o
 obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o
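Review bot: Beyond removing the ifdef, this hunk changes what gets built: tpm_eventlog.o moves into the unconditional tpm-y list, and tpm_of.o is now keyed on CONFIG_OF where it used to be keyed on CONFIG_TCG_IBMVTPM. The commit message mentions neither. Please state both there, since every CONFIG_OF kernel now carries the OF event log reader and the ACPI and OF readers can be built into the same kernel.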
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 4d6c2d7..859bdba 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -6,6 +6,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -45,7 +46,7 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_chip *chip)
+int read_log_acpi(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
@@ -54,12 +55,6 @@ int read_log(struct tpm_chip *chip)
struct tpm_bios_log *log;
 
log = >log;
-   if (log->bios_event_log != NULL) {
-   printk(KERN_ERR
-  "%s: ERROR - Eventlog already initialized\n",
-  __func__);
-   return -EFAULT;
-   }
 
/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
status = acpi_get_table(ACPI_SIG_TCPA, 1,
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index a8cd4a1..c327089 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -346,6 +346,24 @@ static int is_bad(void *p)
return 0;
 }
 
+int read_log(struct tpm_chip *chip)
+{
+   int rc;
+
+   if (chip->log.bios_event_log != NULL) {
+   dev_dbg(>dev, "%s: ERROR - Eventlog already 
initialized\n",
+   __func__);
+   return -EFAULT;
+   }
+
+   rc = read_log_acpi(chip);
+   if ((rc == 0) || (rc == -ENOMEM))
+   return rc;
+   rc = read_log_of(chip);
+   return rc;
+
+}
+
 int tpm_bios_log_setup(struct tpm_chip *chip)
 {
const char *name = dev_name(>dev);
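Review bot: In the new read_log(), the "already initialized" branch returns -EFAULT, which conventionally reports a bad user-space address; -EBUSY or -EEXIST would describe the condition better now that the check lives in one place. The function would also benefit from a short comment stating its contract: ACPI is tried first, only 0 and -ENOMEM from read_log_acpi() are final, and any other ACPI error is replaced by whatever read_log_of() returns. Minor: there is a stray blank line before the closing brace, and the inner parentheses in the rc test are redundant.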
diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
index 7ea066c..9e95b7e 100644
--- a/drivers/char/tpm/tpm_eventlog.h
+++ b/drivers/char/tpm/tpm_eventlog.h
@@ -78,20 +78,24 @@ enum tcpa_pc_event_ids {
HOST_TABLE_OF_DEVICES,
 };
 
-int read_log(struct tpm_chip *chip);
-
-#if defined(CONFIG_TCG_IBMVTPM) || defined(CONFIG_TCG_IBMVTPM_MODULE) || \
-   defined(CONFIG_ACPI)
-extern int tpm_bios_log_setup(struct tpm_chip *chip);
-extern void tpm_bios_log_teardown(struct tpm_chip *chip);
+#if defined(CONFIG_ACPI)
+int read_log_acpi(struct tpm_chip *chip);
 #else
-static inline int tpm_bios_log_setup(struct tpm_chip *chip)
+static inline int read_log_acpi(struct tpm_chip *chip)
 {
-   return 0;
+   return -ENODEV;
 }
-static inline void tpm_bios_log_teardown(struct tpm_chip *chip)
+#endif
+#if defined(CONFIG_OF)
+int read_log_of(struct tpm_chip *chip);
+#else
+static inline int read_log_of(struct tpm_chip *chip)
 {
+   return -ENODEV;
 }
 #endif
 
+int tpm_bios_log_setup(struct tpm_chip *chip);
+void tpm_bios_log_teardown(struct tpm_chip *chip);
+
 #endif
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 68d891a..7c30752 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -2,6 +2,7 @@
  * Copyright 2012 IBM Corporation
  *
  * Author: Ashley Lai <ashl

[tpmdd-devel] [PATCH v4 7/8] tpm: move event log init functions to tpm_eventlog_init.c

2016-09-28 Thread Nayna Jain
The device driver code for the event log has the init functions and
TPM 1.2 parsing logic both defined in the same file (tpm_eventlog.c).

Since the initialization functions are common with the TPM 2.0 event
log support, this patch moves the init functions to tpm_eventlog_init.c.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   2 +-
 drivers/char/tpm/tpm_eventlog.c  | 130 +
 drivers/char/tpm/tpm_eventlog.h  |   3 +
 drivers/char/tpm/tpm_eventlog_init.c | 155 +++
 4 files changed, 163 insertions(+), 127 deletions(-)
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a05b1eb..1dc2671 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o
+   tpm_eventlog.o tpm_eventlog_init.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index c327089..2492134 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -11,7 +11,8 @@
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
- * Access to the eventlog created by a system's firmware / BIOS
+ * Access to the TPM 1.2 event log created by a system's
+ * firmware / BIOS
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -258,12 +259,6 @@ static int tpm_binary_bios_measurements_show(struct 
seq_file *m, void *v)
 
 }
 
-static int tpm_bios_measurements_release(struct inode *inode,
-struct file *file)
-{
-   return seq_release(inode, file);
-}
-
 static int tpm_ascii_bios_measurements_show(struct seq_file *m, void *v)
 {
int len = 0;
@@ -297,133 +292,16 @@ static int tpm_ascii_bios_measurements_show(struct 
seq_file *m, void *v)
return 0;
 }
 
-static const struct seq_operations tpm_ascii_b_measurments_seqops = {
+const struct seq_operations tpm_ascii_b_measurments_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_ascii_bios_measurements_show,
 };
 
-static const struct seq_operations tpm_binary_b_measurments_seqops = {
+const struct seq_operations tpm_binary_b_measurments_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_binary_bios_measurements_show,
 };
-
-static int tpm_bios_measurements_open(struct inode *inode,
-   struct file *file)
-{
-   int err;
-   struct seq_file *seq;
-   const struct tpm_securityfs_data *sfs_data =
-   (const struct tpm_securityfs_data *)inode->i_private;
-   const struct seq_operations *seqops = sfs_data->seqops;
-
-   /* now register seq file */
-   err = seq_open(file, seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = sfs_data->log;
-   }
-
-   return err;
-}
-
-static const struct file_operations tpm_bios_measurements_ops = {
-   .open = tpm_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int is_bad(void *p)
-{
-   if (!p)
-   return 1;
-   if (IS_ERR(p) && (PTR_ERR(p) != -ENODEV))
-   return 1;
-   return 0;
-}
-
-int read_log(struct tpm_chip *chip)
-{
-   int rc;
-
-   if (chip->log.bios_event_log != NULL) {
-   dev_dbg(>dev, "%s: ERROR - Eventlog already 
initialized\n",
-   __func__);
-   return -EFAULT;
-   }
-
-   rc = read_log_acpi(chip);
-   if ((rc == 0) || (rc == -ENOMEM))
-   return rc;
-   rc = read_log_of(chip);
-   return rc;
-
-}
-
-int tpm_bios_log_setup(struct tpm_chip *chip)
-{
-   const char *name = dev_name(>dev);
-   int rc = 0;
-
-   rc = read_log(chip);
-   /*
-* read_log failure means event log is not supported except for ENOMEM
-*/
-   if (rc < 0) {
-   if (rc == -ENOMEM)
-   return rc;
-   else
-   return 0;
-   }
-
-   chip->bios_dir_count = 0;
-   chip->bios_dir[chip->bios_dir_count] =
-   securityfs_create_dir(name, NULL);
-   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
-   goto err;
-   chip->bios_dir_count++;
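Review bot: Dropping static from tpm_ascii_b_measurments_seqops and tpm_binary_b_measurments_seqops puts two misspelled names ("measurments") into the kernel's global namespace. Since the symbols become shared between files in this patch, this is the cheapest moment to rename them to tpm_ascii_b_measurements_seqops and tpm_binary_b_measurements_seqops, together with the extern declarations that go with them. The rest of the hunk is a pure move, which is easier to review if the patch states that no functional change is intended.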

[tpmdd-devel] [PATCH v4 2/8] tpm: replace dynamically allocated bios_dir with dentry array

2016-09-28 Thread Nayna Jain
bios_dir is defined as struct dentry **bios_dir, which results in
dynamic allocation and therefore possibly a memory leak. This patch
replaces it with a struct dentry array (struct dentry *bios_dir[3]),
similar to what is done for sysfs groups.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
---
 drivers/char/tpm/tpm-chip.c |  8 +++---
 drivers/char/tpm/tpm.h  |  3 +-
 drivers/char/tpm/tpm_eventlog.c | 63 +++--
 drivers/char/tpm/tpm_eventlog.h | 10 +++
 4 files changed, 40 insertions(+), 44 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index e595013..826609d 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -278,14 +278,15 @@ static void tpm_del_char_device(struct tpm_chip *chip)
 
 static int tpm1_chip_register(struct tpm_chip *chip)
 {
+   int rc;
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return 0;
 
tpm_sysfs_add_device(chip);
 
-   chip->bios_dir = tpm_bios_log_setup(dev_name(>dev));
+   rc = tpm_bios_log_setup(chip);
 
-   return 0;
+   return rc;
 }
 
 static void tpm1_chip_unregister(struct tpm_chip *chip)
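Review bot: With rc now returned from tpm1_chip_register(), a failure to create the securityfs entries fails registration of the chip as a whole, where before the result was only stored and the function returned 0. If that is intended, the commit message should say so, because it is a behaviour change beyond replacing the dentry allocation; if it is not, keep returning 0 here. Also add a blank line after the new int rc; declaration.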
@@ -293,8 +294,7 @@ static void tpm1_chip_unregister(struct tpm_chip *chip)
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return;
 
-   if (chip->bios_dir)
-   tpm_bios_log_teardown(chip->bios_dir);
+   tpm_bios_log_teardown(chip);
 }
 
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 3e952fb..b5866bb 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -171,7 +171,8 @@ struct tpm_chip {
unsigned long duration[3]; /* jiffies */
bool duration_adjusted;
 
-   struct dentry **bios_dir;
+   struct dentry *bios_dir[3];
+   unsigned int bios_dir_count;
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 75e6644..f1df782 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -332,7 +332,8 @@ static int tpm_bios_measurements_open(struct inode *inode,
if (!log)
return -ENOMEM;
 
-   if ((err = read_log(log)))
+   err = read_log(log);
+   if (err)
goto out_free;
 
/* now register seq file */
@@ -368,54 +369,48 @@ static int is_bad(void *p)
return 0;
 }
 
-struct dentry **tpm_bios_log_setup(const char *name)
+int tpm_bios_log_setup(struct tpm_chip *chip)
 {
-   struct dentry **ret = NULL, *tpm_dir, *bin_file, *ascii_file;
+   const char *name = dev_name(>dev);
 
-   tpm_dir = securityfs_create_dir(name, NULL);
-   if (is_bad(tpm_dir))
-   goto out;
+   chip->bios_dir_count = 0;
+   chip->bios_dir[chip->bios_dir_count] =
+   securityfs_create_dir(name, NULL);
+   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
+   goto err;
+   chip->bios_dir_count++;
 
-   bin_file =
+   chip->bios_dir[chip->bios_dir_count] =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  S_IRUSR | S_IRGRP, chip->bios_dir[0],
   (void *)_binary_b_measurments_seqops,
   _bios_measurements_ops);
-   if (is_bad(bin_file))
-   goto out_tpm;
+   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
+   goto err;
+   chip->bios_dir_count++;
 
-   ascii_file =
+   chip->bios_dir[chip->bios_dir_count] =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  S_IRUSR | S_IRGRP, chip->bios_dir[0],
   (void *)_ascii_b_measurments_seqops,
   _bios_measurements_ops);
-   if (is_bad(ascii_file))
-   goto out_bin;
+   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
+   goto err;
+   chip->bios_dir_count++;
 
-   ret = kmalloc(3 * sizeof(struct dentry *), GFP_KERNEL);
-   if (!ret)
-   goto out_ascii;
-
-   ret[0] = ascii_file;
-   ret[1] = bin_file;
-   ret[2] = tpm_dir;
-
-   return ret;
+   return 0;
 
-out_ascii:
-   securityfs_remove(ascii_file);
-out_bin:
-   securityfs_remove(bin_file);
-out_tpm:
-   securityfs_remove(tpm_dir);
-out:
-   return NULL;
+err:
+   tpm_bios_log_teardown(chip);
+   return -EIO;
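Review bot: The err: path returns -EIO for every failure, so the errno carried in the pointer returned by securityfs_create_dir() or securityfs_create_file() never reaches the caller, and tpm1_chip_register() in this same patch now propagates that value. Capture PTR_ERR() of the failing dentry before calling tpm_bios_log_teardown() and return it, mapping a NULL return to a fixed errno. It would also help to name the three slots, since passing chip->bios_dir[0] as the parent argument relies on the directory always being created first.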

[tpmdd-devel] [PATCH v2 1/2] Documentation: tpm: add the IBM Virtual TPM device tree binding documentation

2016-09-28 Thread Nayna Jain
Virtual TPM, which is being used on IBM POWER7+ and POWER8 systems running
POWERVM, is currently supported by the tpm device driver but lacks
documentation. This patch adds the missing documentation for the existing
support.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
Changelog v2:

- New Patch

 .../devicetree/bindings/security/tpm/ibmvtpm.txt   | 41 ++
 1 file changed, 41 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt

diff --git a/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt 
b/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt
new file mode 100644
index 000..d89f999
--- /dev/null
+++ b/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt
@@ -0,0 +1,41 @@
+* Device Tree Bindings for IBM Virtual Trusted Platform Module(vtpm)
+
+Required properties:
+
+- compatible: property name that conveys the platform architecture
+  identifiers, as 'IBM,vtpm'
+- device_type   : specifies type of virtual device
+- interrupts: property specifying the interrupt source number and
+  sense code associated with this virtual I/O Adapters
+- ibm,my-drc-index  : integer index for the connector between the device
+  and its parent - present only if Dynamic
+  Reconfiguration(DR) Connector is enabled
+- ibm,#dma-address-cells: specifies the number of cells that are used to
+  encode the physical address field of dma-window
+  properties
+- ibm,#dma-size-cells   : specifies the number of cells that are used to
+  encode the size field of dma-window properties
+- ibm,my-dma-window : specifies DMA window associated with this virtual
+  IOA
+- ibm,loc-code  : specifies the unique and persistent location code
+  associated with this virtual I/O Adapters
+- linux,sml-base: 64-bit base address of the reserved memory allocated
+  for the firmware event log
+- linux,sml-size: size of the memory allocated for the firmware event 
log
+
+Example (IBM Virtual Trusted Platform Module)
+-
+
+vtpm@3003 {
+ibm,#dma-size-cells = <0x2>;
+compatible = "IBM,vtpm";
+device_type = "IBM,vtpm";
+ibm,my-drc-index = <0x3003>;
+ibm,#dma-address-cells = <0x2>;
+linux,sml-base = <0xc60e 0x0>;
+interrupts = <0xa0003 0x0>;
+ibm,my-dma-window = <0x1003 0x0 0x0 0x0 
0x1000>;
+ibm,loc-code = "U8286.41A.10082DV-V3-C3";
+reg = <0x3003>;
+linux,sml-size = <0xbce10200>;
+};
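Review bot: The example node contains a reg property that the property list does not describe, and ibm,my-drc-index is listed under "Required properties" while its own description says it is present only if the DR connector is enabled. Please document reg (or drop it from the example) and move ibm,my-drc-index to an optional section. The device_type entry would also be clearer if it stated the expected value, as the compatible entry does with 'IBM,vtpm'.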
-- 
2.5.0




[tpmdd-devel] [PATCH v3 2/7] tpm: Replace the dynamically allocated bios_dir as struct dentry array.

2016-08-29 Thread Nayna Jain
bios_dir is defined as struct dentry **bios_dir, which results in
dynamic allocation and a possible memory leak. This patch replaces
it with a struct dentry array, i.e. struct dentry *bios_dir[3],
similar to what is done for sysfs groups.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-chip.c |  5 ++--
 drivers/char/tpm/tpm.h  |  3 ++-
 drivers/char/tpm/tpm_eventlog.c | 60 ++---
 drivers/char/tpm/tpm_eventlog.h | 10 +++
 4 files changed, 35 insertions(+), 43 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index e595013..1cd1238 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -283,7 +283,7 @@ static int tpm1_chip_register(struct tpm_chip *chip)
 
tpm_sysfs_add_device(chip);
 
-   chip->bios_dir = tpm_bios_log_setup(dev_name(>dev));
+   tpm_bios_log_setup(chip);
 
return 0;
 }
@@ -293,8 +293,7 @@ static void tpm1_chip_unregister(struct tpm_chip *chip)
if (chip->flags & TPM_CHIP_FLAG_TPM2)
return;
 
-   if (chip->bios_dir)
-   tpm_bios_log_teardown(chip->bios_dir);
+   tpm_bios_log_teardown(chip);
 }
 
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 6e002c4..603a661 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -171,7 +171,8 @@ struct tpm_chip {
unsigned long duration[3]; /* jiffies */
bool duration_adjusted;
 
-   struct dentry **bios_dir;
+   struct dentry *bios_dir[3];
+   unsigned int bios_dir_count;
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index b0a4d02..9dd69a7 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -332,7 +332,8 @@ static int tpm_bios_measurements_open(struct inode *inode,
if (!log)
return -ENOMEM;
 
-   if ((err = read_log(log)))
+   err = read_log(log);
+   if (err)
goto out_free;
 
/* now register seq file */
@@ -368,54 +369,45 @@ static int is_bad(void *p)
return 0;
 }
 
-struct dentry **tpm_bios_log_setup(const char *name)
+void tpm_bios_log_setup(struct tpm_chip *chip)
 {
-   struct dentry **ret = NULL, *tpm_dir, *bin_file, *ascii_file;
+   const char *name = dev_name(>dev);
 
-   tpm_dir = securityfs_create_dir(name, NULL);
-   if (is_bad(tpm_dir))
-   goto out;
+   chip->bios_dir_count = 0;
+   chip->bios_dir[chip->bios_dir_count] = securityfs_create_dir(name,
+   NULL);
+   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
+   goto err;
+   chip->bios_dir_count++;
 
-   bin_file =
+   chip->bios_dir[chip->bios_dir_count] =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  S_IRUSR | S_IRGRP, chip->bios_dir[0],
   (void *)_binary_b_measurments_seqops,
   _bios_measurements_ops);
-   if (is_bad(bin_file))
-   goto out_tpm;
+   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
+   goto err;
+   chip->bios_dir_count++;
 
-   ascii_file =
+   chip->bios_dir[chip->bios_dir_count] =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir,
+  S_IRUSR | S_IRGRP, chip->bios_dir[0],
   (void *)_ascii_b_measurments_seqops,
   _bios_measurements_ops);
-   if (is_bad(ascii_file))
-   goto out_bin;
+   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
+   goto err;
+   chip->bios_dir_count++;
 
-   ret = kmalloc(3 * sizeof(struct dentry *), GFP_KERNEL);
-   if (!ret)
-   goto out_ascii;
+   return;
 
-   ret[0] = ascii_file;
-   ret[1] = bin_file;
-   ret[2] = tpm_dir;
-
-   return ret;
-
-out_ascii:
-   securityfs_remove(ascii_file);
-out_bin:
-   securityfs_remove(bin_file);
-out_tpm:
-   securityfs_remove(tpm_dir);
-out:
-   return NULL;
+err:
+   tpm_bios_log_teardown(chip);
 }
 
-void tpm_bios_log_teardown(struct dentry **lst)
+void tpm_bios_log_teardown(struct tpm_chip *chip)
 {
int i;
 
-   for (i = 0; i < 3; i++)
-   securityfs_remove(lst[i]);
+   for (i = chip->bios_dir_count; i > 0; --i)
+   securityfs_remove(chip->bios_dir[i-1]);
 }
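Review bot: tpm_bios_log_teardown() walks down from bios_dir_count with a local index but never resets chip->bios_dir_count, and after this patch it is called from two places: the err: path of tpm_bios_log_setup() and, unconditionally, tpm1_chip_unregister(). After a partial setup failure, the unregister path would call securityfs_remove() a second time on dentries that were already removed. Set chip->bios_dir_count to 0 at the end of teardown, and ideally clear the slots as they are removed. Minor: i is an int while bios_dir_count is unsigned int, and the literal 3 for the array size could be a named constant.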
diff --git a/drivers/char/tpm/tpm_eventl

[tpmdd-devel] [PATCH v3 5/7] tpm: Replace the of_find_node_by_name() with dev of_node property

2016-08-29 Thread Nayna Jain
Using the device of_node property is a better way to refer to the device
node than of_find_node_by_name().

Additionally, this patch replaces all currently used pr_err() with the
recommended dev_dbg().

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-chip.c |  2 ++
 drivers/char/tpm/tpm_of.c   | 20 ++--
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 307130e..a040080 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -171,6 +171,8 @@ struct tpm_chip *tpm_chip_alloc(struct device *dev,
chip->dev.release = tpm_dev_release;
chip->dev.parent = dev;
chip->dev.groups = chip->groups;
+   if (dev->of_node)
+   chip->dev.of_node = chip->dev.parent->of_node;
 
if (chip->dev_num == 0)
chip->dev.devt = MKDEV(MISC_MAJOR, TPM_MINOR);
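Review bot: The new test checks dev->of_node but the assignment reads chip->dev.parent->of_node. They are the same pointer, because chip->dev.parent = dev is set two lines earlier, but mixing the two spellings makes the reader stop and verify that. The condition is also unnecessary, since assigning NULL when dev has no of_node is harmless; chip->dev.of_node = dev->of_node; on its own would do.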
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 5067a86..4e4eed7 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -2,6 +2,7 @@
  * Copyright 2012 IBM Corporation
  *
  * Author: Ashley Lai <ashleyd...@gmail.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -30,44 +31,43 @@ int read_log_of(struct tpm_chip *chip)
const u32 *sizep;
const u64 *basep;
 
-   np = of_find_node_by_name(NULL, "vtpm");
+   if (chip->dev.of_node)
+   np = chip->dev.of_node;
if (!np) {
-   pr_err("%s: ERROR - IBMVTPM not supported\n", __func__);
+   dev_dbg(>dev, "%s: ERROR - IBMVTPM not supported\n",
+   __func__);
return -ENODEV;
}
 
sizep = of_get_property(np, "linux,sml-size", NULL);
if (sizep == NULL) {
-   pr_err("%s: ERROR - SML size not found\n", __func__);
+   dev_dbg(>dev, "%s: ERROR - SML size not found\n",
+   __func__);
goto cleanup_eio;
}
if (*sizep == 0) {
-   pr_err("%s: ERROR - event log area empty\n", __func__);
+   dev_dbg(>dev, "%s: ERROR - event log area empty\n",
+   __func__);
goto cleanup_eio;
}
 
basep = of_get_property(np, "linux,sml-base", NULL);
if (basep == NULL) {
-   pr_err("%s: ERROR - SML not found\n", __func__);
+   dev_dbg(>dev, "%s: ERROR - SML not found\n", __func__);
goto cleanup_eio;
}
 
chip->log.bios_event_log = kmalloc(*sizep, GFP_KERNEL);
if (!chip->log.bios_event_log) {
-   pr_err("%s: ERROR - Not enough memory for BIOS measurements\n",
-  __func__);
-   of_node_put(np);
return -ENOMEM;
}
 
chip->log.bios_event_log_end = chip->log.bios_event_log + *sizep;
 
memcpy(chip->log.bios_event_log, __va(*basep), *sizep);
-   of_node_put(np);
 
return 0;
 
 cleanup_eio:
-   of_node_put(np);
return -EIO;
 }
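Review bot: np is now assigned only inside if (chip->dev.of_node), yet it is tested with if (!np) immediately afterwards. As declared in patch 4/7 of this series, struct device_node *np; has no initialiser, so on a system without a device tree node the test reads an indeterminate pointer. Assign it unconditionally (np = chip->dev.of_node;) and keep the NULL test. With the of_node_put() calls gone, cleanup_eio: only returns -EIO, so the gotos can become direct returns, and the braces left around the lone return -ENOMEM; can be dropped.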
-- 
2.5.0




[tpmdd-devel] [PATCH v3 6/7] tpm: Moves the eventlog init functions to tpm_eventlog_init.c

2016-08-29 Thread Nayna Jain
Eventlog initialization functions are common for TPM1.2 and TPM2.0.
Currently, they are defined in tpm_eventlog.c, which does parsing of
the TPM1.2 specific eventlog.

Since the initialization functions are common for TPM2.0 also, the init
functions have been moved to tpm_eventlog_init.c.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   2 +-
 drivers/char/tpm/tpm_eventlog.c  | 116 +---
 drivers/char/tpm/tpm_eventlog.h  |   3 +
 drivers/char/tpm/tpm_eventlog_init.c | 143 +++
 4 files changed, 149 insertions(+), 115 deletions(-)
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index e8c7b4d..200b957 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o
+   tpm_eventlog.o tpm_eventlog_init.o
 
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index f84ce71..3f1aba5 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -258,12 +258,6 @@ static int tpm_binary_bios_measurements_show(struct 
seq_file *m, void *v)
 
 }
 
-static int tpm_bios_measurements_release(struct inode *inode,
-struct file *file)
-{
-   return seq_release(inode, file);
-}
-
 static int tpm_ascii_bios_measurements_show(struct seq_file *m, void *v)
 {
int len = 0;
@@ -297,122 +291,16 @@ static int tpm_ascii_bios_measurements_show(struct 
seq_file *m, void *v)
return 0;
 }
 
-static const struct seq_operations tpm_ascii_b_measurments_seqops = {
+const struct seq_operations tpm_ascii_b_measurments_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_ascii_bios_measurements_show,
 };
 
-static const struct seq_operations tpm_binary_b_measurments_seqops = {
+const struct seq_operations tpm_binary_b_measurments_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_binary_bios_measurements_show,
 };
-
-static int tpm_bios_measurements_open(struct inode *inode,
-   struct file *file)
-{
-   int err;
-   struct seq_file *seq;
-   struct tpm_chip *chip;
-   const struct seq_operations *seqops =
-   (const struct seq_operations *)inode->i_private;
-
-   chip = (struct tpm_chip
-   *)file->f_path.dentry->d_parent->d_inode->i_private;
-
-   /* now register seq file */
-   err = seq_open(file, seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = >log;
-   }
-
-   return err;
-}
-
-static const struct file_operations tpm_bios_measurements_ops = {
-   .open = tpm_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int is_bad(void *p)
-{
-   if (!p)
-   return 1;
-   if (IS_ERR(p) && (PTR_ERR(p) != -ENODEV))
-   return 1;
-   return 0;
-}
-
-int read_log(struct tpm_chip *chip)
-{
-   int rc;
-
-   if (chip->log.bios_event_log != NULL) {
-   dev_dbg(>dev, "%s:ERROR - Eventlog already initialized\n",
-   __func__);
-   return -EFAULT;
-   }
-
-   rc = read_log_acpi(chip);
-   if (rc == 0)
-   return rc;
-   rc = read_log_of(chip);
-   return rc;
-}
-
-void tpm_bios_log_setup(struct tpm_chip *chip)
-{
-   const char *name = dev_name(>dev);
-   int rc = 0;
-
-   rc = read_log(chip);
-   if (rc < 0)
-   return;
-
-   chip->bios_dir_count = 0;
-   chip->bios_dir[chip->bios_dir_count] = securityfs_create_dir(name,
-   NULL);
-   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
-   goto err;
-   chip->bios_dir[chip->bios_dir_count]->d_inode->i_private = chip;
-   chip->bios_dir_count++;
-
-   chip->bios_dir[chip->bios_dir_count] =
-   securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, chip->bios_dir[0],
-  (void *)_binary_b_measurments_seqops,
-  _bios_measurements_ops);
-   if (is_bad(chip->bios_dir[chip->bios_dir_count]))
-   goto err;
-   chip->bios_dir_count++;
-
-   chip->bios_dir[chip->bios_dir_count] =
-   

[tpmdd-devel] [PATCH v3 4/7] tpm: Redefine the read_log method to check for ACPI/OF properties sequentially

2016-08-29 Thread Nayna Jain
Currently, the difference in the read_log method for ACPI/OF based platforms
is handled by defining a respective read_log method for each and handling
them using a CONFIG based #ifdef condition in the Makefile, which is not
the recommended approach.

This patch cleans up the ifdef condition in the Makefile by defining a
single read_log method which checks for ACPI/OF event log memory in
sequence.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile   | 11 ++-
 drivers/char/tpm/tpm_acpi.c |  9 +
 drivers/char/tpm/tpm_eventlog.c | 17 +
 drivers/char/tpm/tpm_eventlog.h | 18 +-
 drivers/char/tpm/tpm_of.c   | 11 +--
 5 files changed, 42 insertions(+), 24 deletions(-)

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index 00e48e4..e8c7b4d 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -5,15 +5,8 @@ obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
tpm_eventlog.o
 
-tpm-$(CONFIG_ACPI) += tpm_ppi.o
-
-ifdef CONFIG_ACPI
-   tpm-y += tpm_acpi.o
-else
-ifdef CONFIG_OF
-   tpm-y += tpm_of.o
-endif
-endif
+tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
+tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
 obj-$(CONFIG_TCG_TIS) += tpm_tis.o
 obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 05b4e8a..a670c4f 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -45,20 +45,13 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_chip *chip)
+int read_log_acpi(struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
void __iomem *virt;
u64 len, start;
 
-   if (chip->log.bios_event_log != NULL) {
-   printk(KERN_ERR
-  "%s: ERROR - Eventlog already initialized\n",
-  __func__);
-   return -EFAULT;
-   }
-
/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
status = acpi_get_table(ACPI_SIG_TCPA, 1,
(struct acpi_table_header **));
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index d6f2477..f84ce71 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -349,6 +349,23 @@ static int is_bad(void *p)
return 0;
 }
 
+int read_log(struct tpm_chip *chip)
+{
+   int rc;
+
+   if (chip->log.bios_event_log != NULL) {
+   dev_dbg(>dev, "%s:ERROR - Eventlog already initialized\n",
+   __func__);
+   return -EFAULT;
+   }
+
+   rc = read_log_acpi(chip);
+   if (rc == 0)
+   return rc;
+   rc = read_log_of(chip);
+   return rc;
+}
+
 void tpm_bios_log_setup(struct tpm_chip *chip)
 {
const char *name = dev_name(>dev);
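Review bot: in the new read_log(), any non-zero return from read_log_acpi() falls through to read_log_of(), so the ACPI error is overwritten by whatever the OF path returns, which is the stub's -1 when CONFIG_OF is off. Fall back only when the ACPI path reports that no log is present, and return its error otherwise. The already-initialized message still says "ERROR" but is now emitted with dev_dbg while the function returns -EFAULT; pick one severity.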
diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
index 6a01d43..0e599ab 100644
--- a/drivers/char/tpm/tpm_eventlog.h
+++ b/drivers/char/tpm/tpm_eventlog.h
@@ -73,7 +73,23 @@ enum tcpa_pc_event_ids {
HOST_TABLE_OF_DEVICES,
 };
 
-int read_log(struct tpm_chip *chip);
+#if defined(CONFIG_ACPI)
+int read_log_acpi(struct tpm_chip *chip);
+#else
+static inline int read_log_acpi(struct tpm_chip *chip)
+{
+   return -1;
+}
+#endif
+
+#if defined(CONFIG_OF)
+int read_log_of(struct tpm_chip *chip);
+#else
+static inline int read_log_of(struct tpm_chip *chip)
+{
+   return -1;
+}
+#endif
 
 void tpm_bios_log_setup(struct tpm_chip *chip);
 void tpm_bios_log_teardown(struct tpm_chip *chip);
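Review bot: both static inline stubs return a bare -1, which a caller reads as -EPERM; return -ENODEV so read_log() can tell "not built in" from a real failure. IS_ENABLED(CONFIG_ACPI) and IS_ENABLED(CONFIG_OF) are the usual spelling for these guards.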
diff --git a/drivers/char/tpm/tpm_of.c b/drivers/char/tpm/tpm_of.c
index 8e77976..5067a86 100644
--- a/drivers/char/tpm/tpm_of.c
+++ b/drivers/char/tpm/tpm_of.c
@@ -14,23 +14,22 @@
  *
  */
 
+#include 
+#include 
+#include 
+#include 
 #include 
 #include 
 
 #include "tpm.h"
 #include "tpm_eventlog.h"
 
-int read_log(struct tpm_chip *chip)
+int read_log_of(struct tpm_chip *chip)
 {
struct device_node *np;
const u32 *sizep;
const u64 *basep;
 
-   if (chip->log.bios_event_log != NULL) {
-   pr_err("%s: ERROR - Eventlog already initialized\n", __func__);
-   return -EFAULT;
-   }
-
np = of_find_node_by_name(NULL, "vtpm");
if (!np) {
pr_err("%s: ERROR - IBMVTPM not supported\n", __func__);
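Review bot: read_log_of() keeps of_find_node_by_name(NULL, "vtpm") and the pr_err "IBMVTPM not supported" on failure, but it is now the fallback that read_log() calls after read_log_acpi(). A system with no vtpm node will log an error on that path even though nothing is wrong; lower the message to dev_dbg like the one moved into read_log(), or return quietly.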
-- 
2.5.0




[tpmdd-devel] [PATCH v3 1/7] tpm: Define a generic open() method for ascii & bios measurements.

2016-08-29 Thread Nayna Jain
Open methods for eventlog ascii and binary bios measurements file
operations are very similar. This patch refactors the code into a
single open() call by passing seq_operations as i_node->private data.

Suggested-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_eventlog.c | 59 +
 1 file changed, 13 insertions(+), 46 deletions(-)

diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index e722886..b0a4d02 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -7,6 +7,7 @@
  * Stefan Berger <stef...@us.ibm.com>
  * Reiner Sailer <sai...@watson.ibm.com>
  * Kylene Hall <kjh...@us.ibm.com>
+ * Nayna Jain <na...@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -318,12 +319,14 @@ static const struct seq_operations 
tpm_binary_b_measurments_seqops = {
.show = tpm_binary_bios_measurements_show,
 };
 
-static int tpm_ascii_bios_measurements_open(struct inode *inode,
+static int tpm_bios_measurements_open(struct inode *inode,
struct file *file)
 {
int err;
struct tpm_bios_log *log;
struct seq_file *seq;
+   const struct seq_operations *seqops =
+   (const struct seq_operations *)inode->i_private;
 
log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
if (!log)
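Review bot: seqops is taken from inode->i_private with no NULL check, so the shared open() trusts every securityfs_create_file() caller to have passed a seq_operations pointer. Check for NULL and return an error, or add a comment above tpm_bios_measurements_open() stating that i_private must carry the seq_operations. The explicit (const struct seq_operations *) cast is not needed for a void * in C.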
@@ -333,7 +336,7 @@ static int tpm_ascii_bios_measurements_open(struct inode 
*inode,
goto out_free;
 
/* now register seq file */
-   err = seq_open(file, _ascii_b_measurments_seqops);
+   err = seq_open(file, seqops);
if (!err) {
seq = file->private_data;
seq->private = log;
@@ -349,46 +352,8 @@ out_free:
goto out;
 }
 
-static const struct file_operations tpm_ascii_bios_measurements_ops = {
-   .open = tpm_ascii_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int tpm_binary_bios_measurements_open(struct inode *inode,
-struct file *file)
-{
-   int err;
-   struct tpm_bios_log *log;
-   struct seq_file *seq;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   if ((err = read_log(log)))
-   goto out_free;
-
-   /* now register seq file */
-   err = seq_open(file, _binary_b_measurments_seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = log;
-   } else {
-   goto out_free;
-   }
-
-out:
-   return err;
-out_free:
-   kfree(log->bios_event_log);
-   kfree(log);
-   goto out;
-}
-
-static const struct file_operations tpm_binary_bios_measurements_ops = {
-   .open = tpm_binary_bios_measurements_open,
+static const struct file_operations tpm_bios_measurements_ops = {
+   .open = tpm_bios_measurements_open,
.read = seq_read,
.llseek = seq_lseek,
.release = tpm_bios_measurements_release,
@@ -413,15 +378,17 @@ struct dentry **tpm_bios_log_setup(const char *name)
 
bin_file =
securityfs_create_file("binary_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _binary_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_binary_b_measurments_seqops,
+  _bios_measurements_ops);
if (is_bad(bin_file))
goto out_tpm;
 
ascii_file =
securityfs_create_file("ascii_bios_measurements",
-  S_IRUSR | S_IRGRP, tpm_dir, NULL,
-  _ascii_bios_measurements_ops);
+  S_IRUSR | S_IRGRP, tpm_dir,
+  (void *)_ascii_b_measurments_seqops,
+  _bios_measurements_ops);
if (is_bad(ascii_file))
goto out_bin;
 
-- 
2.5.0




[tpmdd-devel] [PATCH v3 0/7] tpm: TPM2.0 eventlog securityfs support

2016-08-29 Thread Nayna Jain
Existing TPM2.0 support lacks support for the eventlog securityfs file.
This patch adds the binary_bios_measurements to TPM2.0 eventlog
securityfs file.

Additionally, it also includes the review feedback as suggested by
Jason.

Further, the commit msg subject line is prefixed with tpm as was suggested
by Jarkko.

Changelog v3:

* Includes the review feedback as suggested by Jason
* Split of patches into one patch per idea
* Generic open() method for ascii/bios measurements
* Replacement of **bios_dir with *bios_dir[3]
* Verifying readlog() is successful before creating
securityfs entries
* Generic readlog() to check for ACPI/OF in sequence
* read_log_of() method now uses of_node property rather than
calling find_device_by_name
* read_log differentiates vtpm/tpm using its compatible property
* Cleans pr_err with dev_dbg
* Commit msgs subject line prefixed with tpm

Nayna Jain (7):
  tpm: Define a generic open() method for ascii & bios measurements.
  tpm: Replace the dynamically allocated bios_dir as struct dentry
array.
  tpm: Validate the eventlog access before tpm_bios_log_setup
  tpm: Redefine the read_log method to check for ACPI/OF properties
sequentially
  tpm: Replace the of_find_node_by_name() with dev of_node property
  tpm: Moves the eventlog init functions to tpm_eventlog_init.c
  tpm: Adds securityfs support for TPM2.0 eventlog

 drivers/char/tpm/Makefile|  13 +-
 drivers/char/tpm/tpm-chip.c  |  21 +---
 drivers/char/tpm/tpm.h   |   7 +-
 drivers/char/tpm/tpm2.h  |  85 +
 drivers/char/tpm/tpm2_eventlog.c | 224 +++
 drivers/char/tpm/tpm_acpi.c  |  19 +--
 drivers/char/tpm/tpm_eventlog.c  | 154 +---
 drivers/char/tpm/tpm_eventlog.h  |  26 ++--
 drivers/char/tpm/tpm_eventlog_init.c | 153 
 drivers/char/tpm/tpm_of.c|  65 ++
 10 files changed, 543 insertions(+), 224 deletions(-)
 create mode 100644 drivers/char/tpm/tpm2.h
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

-- 
2.5.0




[tpmdd-devel] [PATCH] Documentation: tpm: Adds the TPM device tree node documentation

2016-08-29 Thread Nayna Jain
This documents the device tree binding for I2C based TPM,
a concept similar to the one being used
for virtual TPM on POWER7 and POWER8 systems running PowerVM.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 Documentation/devicetree/bindings/i2c/i2c-tpm.txt | 29 +++
 1 file changed, 29 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/i2c/i2c-tpm.txt

diff --git a/Documentation/devicetree/bindings/i2c/i2c-tpm.txt 
b/Documentation/devicetree/bindings/i2c/i2c-tpm.txt
new file mode 100644
index 000..8fdee14
--- /dev/null
+++ b/Documentation/devicetree/bindings/i2c/i2c-tpm.txt
@@ -0,0 +1,29 @@
+Device Tree Bindings for I2C based Trusted Platform Module(TPM)
+---
+
+This node describes a TPM device connected to Processor on i2c bus.
+
+Required properties:
+
+- compatible : 'manufacturer,model'
+- label : represents device type
+- linux,sml-base : base address of the Event Log. It is a physical address.
+  sml stands for shared memory log.
+- linux,sml-size : size of the memory allocated for the Event Log.
+
+Optional properties:
+
+- status: indicates whether the device is enabled or disabled. "okay" for
+  enabled and "disabled" for disabled.
+
+Example
+---
+
+tpm@57 {
+   reg = <0x57>;
+   label = "tpm";
+   compatible = "nuvoton,npct650", "nuvoton,npct601";
+   linux,sml-base = <0x7f 0xfd45>;
+   linux,sml-size = <0x1>;
+   status = "okay";
+};
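Review bot: the example node uses reg = <0x57>, but reg is not listed under "Required properties"; add it and say that it is the I2C slave address. The compatible entry only says 'manufacturer,model' without listing the accepted strings, label gives no allowed values, and linux,sml-base is shown with two cells while the text does not say how many cells it takes.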
-- 
2.5.0




[tpmdd-devel] [PATCH v2 3/3] TPM2.0:Adds securityfs support for TPM2.0 eventlog

2016-08-09 Thread Nayna Jain
Adds securityfs support for TPM2.0.
This patch currently supports only binary_bios_measurements.

Changelog v2:
* Single tpm_of.c for reading both tpm and vtpm device tree values.
* Some of the issues are fixed in Patch 1 itself.
* Comments in tpm2.h give reference to the standard from where structs
are taken.
* Now, tpm_of.c has same code applied for both tpm and vtpm, so I think
that now it is needed to have generic types rather than endian specific
type.

There are a few preexisting issues, as mentioned in feedback, that are not
addressed in this patch. The reason is that I don't have much expertise on
the ACPI side as of now, and these changes will affect all paths (acpi, tpm,
vtpm), so I would like to go slow and fix them in a different patch later,
after better understanding.
Hope it sounds ok to have them as a different patch.

Issues which are not addressed are as below:
* tpm_eventlog.h still has #ifdef defined, for tpm_bios_log_setup()
* tpm_bios_log_setup is still being called in tpm-chip register
function.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   8 +-
 drivers/char/tpm/tpm-chip.c  |  20 +---
 drivers/char/tpm/tpm2.h  |  85 +
 drivers/char/tpm/tpm2_eventlog.c | 224 +++
 drivers/char/tpm/tpm_eventlog.h  |   2 +-
 drivers/char/tpm/tpm_eventlog_init.c |  43 +--
 drivers/char/tpm/tpm_of.c|  17 ++-
 7 files changed, 366 insertions(+), 33 deletions(-)
 create mode 100644 drivers/char/tpm/tpm2.h
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index 9136762..509ace2 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -6,10 +6,14 @@ tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o 
tpm2-cmd.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o
 
 ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_acpi.o
+   tpm-y += tpm_eventlog_init.o tpm2_eventlog.o tpm_eventlog.o tpm_acpi.o
 else
 ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_of.o
+   tpm-y += tpm_eventlog_init.o tpm2_eventlog.o tpm_eventlog.o tpm_of.o
+else
+ifdef CONFIG_PPC64
+   tpm-y += tpm_eventlog_init.o tpm2_eventlog.o tpm_eventlog.o tpm_of.o
+endif
 endif
 endif
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
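Review bot: the new CONFIG_PPC64 branch repeats the same four-object list a third time and builds tpm_of.o for every PPC64 kernel that has neither ACPI nor IBMVTPM, whether or not device tree TPM support is wanted. Put the common objects in one assignment and key tpm_of.o off a single config symbol instead of nesting another ifdef.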
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 7f6cdab..3f1c489 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -285,20 +285,9 @@ static int tpm1_chip_register(struct tpm_chip *chip)
 
tpm_sysfs_add_device(chip);
 
-   tpm_bios_log_setup(chip);
-
return 0;
 }
 
-static void tpm1_chip_unregister(struct tpm_chip *chip)
-{
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return;
-
-   if (chip->bios_dir)
-   tpm_bios_log_teardown(chip);
-}
-
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
 {
struct attribute **i;
@@ -372,10 +361,8 @@ int tpm_chip_register(struct tpm_chip *chip)
tpm_add_ppi(chip);
 
rc = tpm_add_char_device(chip);
-   if (rc) {
-   tpm1_chip_unregister(chip);
+   if (rc)
return rc;
-   }
 
chip->flags |= TPM_CHIP_FLAG_REGISTERED;
 
@@ -385,6 +372,8 @@ int tpm_chip_register(struct tpm_chip *chip)
return rc;
}
 
+   tpm_bios_log_setup(chip);
+
return 0;
 }
 EXPORT_SYMBOL_GPL(tpm_chip_register);
@@ -409,7 +398,8 @@ void tpm_chip_unregister(struct tpm_chip *chip)
 
tpm_del_legacy_sysfs(chip);
 
-   tpm1_chip_unregister(chip);
+   tpm_bios_log_teardown(chip);
+
tpm_del_char_device(chip);
 }
 EXPORT_SYMBOL_GPL(tpm_chip_unregister);
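Review bot: tpm_bios_log_teardown(chip) is now unconditional in tpm_chip_unregister(), while the removed tpm1_chip_unregister() skipped TPM2 chips and chips with no bios_dir. tpm_bios_log_setup(chip) is also called as the last step of tpm_chip_register() with no result checked, so teardown must cope with a chip whose securityfs entries were never created; state that in a comment or keep a guard.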
diff --git a/drivers/char/tpm/tpm2.h b/drivers/char/tpm/tpm2.h
new file mode 100644
index 000..38a8073
--- /dev/null
+++ b/drivers/char/tpm/tpm2.h
@@ -0,0 +1,85 @@
+#ifndef __TPM2_H__
+#define __TPM2_H__
+
+#define TPM_ALG_SHA1_DIGEST_SIZE   20
+#define TPM_ALG_SHA256_DIGEST_SIZE 32
+#define TPM_ALG_SHA384_DIGEST_SIZE 48
+
+#define HASH_COUNT 3
+#define MAX_TPM_LOG_MSG128
+
+/**
+ * All the structures related to Event Log are taken from TCG EFI Protocol
+ * Specification, Family "2.0". Document is available on link
+ * http://www.trustedcomputinggroup.org/tcg-efi-protocol-specification/
+ * Information is also available on TCG PC Client Platform Firmware Profile
+ * Specification, Family "2.0"
+ * Detailed digest structures for TPM2.0 are defined in document
+ * Trusted Platform Module Library Part 2: Structures, Family "2.0".
+ */
+
+/* Event log header algorithm spec. */
+struct tcg_efispecideventalgorithmsize {
+   u16 algorithm_id;
+   u16 digest_size;
+} __packed;
+
+/* Event log header data.
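Review bot: the block comment that introduces the structures opens with `/**`, which marks kernel-doc, but it is a plain reference comment; open it with `/*`. HASH_COUNT is fixed at 3 to match the three digest sizes defined above it, so add a comment saying what the code does with a log that lists a different number of algorithms.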

[tpmdd-devel] [PATCH v2 1/3] TPM2.0: Refactored eventlog init functions.

2016-08-09 Thread Nayna Jain
Refactored eventlog.c file into tpm_eventlog.c and tpm_eventlog_init.c

Breakdown is:

* tpm_eventlog_init.c : Moved eventlog initialization methods, such as
those to set up securityfs and to open and release the seqfile, from
tpm_eventlog.c to this file. This is to keep the initialization logic
for TPM1.2 and TPM2.0 in a common file.

* tpm_eventlog.c : This file now has only methods specific to parsing
and iterating over TPM1.2 entry log formats. It can understand only TPM1.2
and is called by methods in tpm_eventlog_init if the identified TPM device
is TPM1.2.

Changelog v2:

* Using of_node property of device rather than directly reading
the device node.
* Cleaned up the code to have generic open() for ascii and bios
measurements
* Removed dynamic allocation for bios_dir and having dentry array
directly in tpm-chip.
* Using dev_dbg instead of pr_err in tpm_of.c
* readlog(...) now accepts struct tpm_chip * as parameter.


Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   4 +-
 drivers/char/tpm/tpm-chip.c  |   6 +-
 drivers/char/tpm/tpm.h   |   2 +-
 drivers/char/tpm/tpm_acpi.c  |   2 +-
 drivers/char/tpm/tpm_eventlog.c  | 156 +--
 drivers/char/tpm/tpm_eventlog.h  |  16 ++--
 drivers/char/tpm/tpm_eventlog_init.c | 155 ++
 drivers/char/tpm/tpm_of.c|  22 +++--
 8 files changed, 189 insertions(+), 174 deletions(-)
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a385fb8..9136762 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -6,10 +6,10 @@ tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o 
tpm2-cmd.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o
 
 ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog.o tpm_acpi.o
+   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_acpi.o
 else
 ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog.o tpm_of.o
+   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_of.o
 endif
 endif
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index e595013..7f6cdab 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -171,6 +171,8 @@ struct tpm_chip *tpm_chip_alloc(struct device *dev,
chip->dev.release = tpm_dev_release;
chip->dev.parent = dev;
chip->dev.groups = chip->groups;
+   if (dev->of_node)
+   chip->dev.of_node = dev->of_node;
 
if (chip->dev_num == 0)
chip->dev.devt = MKDEV(MISC_MAJOR, TPM_MINOR);
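Review bot: chip->dev.of_node is copied from the parent device with no comment on why the chip device needs it; the changelog only says "Using of_node property of device". Add a line naming the code that reads it. The `if (dev->of_node)` test is only needed if the field can already be set at this point; otherwise assign unconditionally.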
@@ -283,7 +285,7 @@ static int tpm1_chip_register(struct tpm_chip *chip)
 
tpm_sysfs_add_device(chip);
 
-   chip->bios_dir = tpm_bios_log_setup(dev_name(>dev));
+   tpm_bios_log_setup(chip);
 
return 0;
 }
@@ -294,7 +296,7 @@ static void tpm1_chip_unregister(struct tpm_chip *chip)
return;
 
if (chip->bios_dir)
-   tpm_bios_log_teardown(chip->bios_dir);
+   tpm_bios_log_teardown(chip);
 }
 
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
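Review bot: the context line `if (chip->bios_dir)` in tpm1_chip_unregister() is always true once the tpm.h hunk of this patch turns bios_dir into `struct dentry *bios_dir[3]`, so the guard no longer guards anything. Test the first array entry, or let tpm_bios_log_teardown() handle empty entries and drop the check.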
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 6e002c4..cfa408f 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -171,7 +171,7 @@ struct tpm_chip {
unsigned long duration[3]; /* jiffies */
bool duration_adjusted;
 
-   struct dentry **bios_dir;
+   struct dentry *bios_dir[3];
 
const struct attribute_group *groups[3];
unsigned int groups_cnt;
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 565a947..c2a122a 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -45,7 +45,7 @@ struct acpi_tcpa {
 };
 
 /* read binary bios log */
-int read_log(struct tpm_bios_log *log)
+int read_log(struct tpm_bios_log *log, struct tpm_chip *chip)
 {
struct acpi_tcpa *buff;
acpi_status status;
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index e722886..b8f22ec 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005, 2012 IBM Corporation
+ * Copyright (C) 2005, 2012, 2016 IBM Corporation
  *
  * Authors:
  * Kent Yoder <k...@linux.vnet.ibm.com>
@@ -11,6 +11,7 @@
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
  * Access to the eventlog created by a system's firmware / BIOS
+ * specific to TPM 1.2.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -257,20 +258,6 @@ static int tpm_binary_bios_measurements_show(struct 
seq_file *m, void *v)
 
 }
 
-static int tpm_bios_measurements_release(struct inode *inode,
- 

[tpmdd-devel] [PATCH 2/2] TPM2.0:Adds securityfs support for TPM2.0 eventlog

2016-07-29 Thread Nayna Jain
Adds securityfs support for TPM2.0.
This patch currently supports only binary_bios_measurements.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   8 +-
 drivers/char/tpm/tpm-chip.c  |  20 ++--
 drivers/char/tpm/tpm2.h  |  75 
 drivers/char/tpm/tpm2_eventlog.c | 224 +++
 drivers/char/tpm/tpm2_of.c   |  77 
 drivers/char/tpm/tpm_eventlog.h  |  10 +-
 drivers/char/tpm/tpm_eventlog_init.c |  71 ---
 7 files changed, 446 insertions(+), 39 deletions(-)
 create mode 100644 drivers/char/tpm/tpm2.h
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c
 create mode 100644 drivers/char/tpm/tpm2_of.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index 9136762..3f4b8bc 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -6,10 +6,14 @@ tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o 
tpm2-cmd.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o
 
 ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_acpi.o
+   tpm-y += tpm_eventlog_init.o tpm2_eventlog.o tpm_eventlog.o tpm_acpi.o
 else
 ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_of.o
+   tpm-y += tpm_eventlog_init.o tpm2_eventlog.o tpm_eventlog.o tpm_of.o
+else
+ifdef CONFIG_PPC64
+   tpm-y += tpm_eventlog_init.o tpm2_eventlog.o tpm_eventlog.o tpm2_of.o
+endif
 endif
 endif
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 5a2f043..57b2201 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -283,20 +283,9 @@ static int tpm1_chip_register(struct tpm_chip *chip)
 
tpm_sysfs_add_device(chip);
 
-   chip->bios_dir = tpm_bios_log_setup(dev_name(>dev));
-
return 0;
 }
 
-static void tpm1_chip_unregister(struct tpm_chip *chip)
-{
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return;
-
-   if (chip->bios_dir)
-   tpm_bios_log_teardown(chip->bios_dir);
-}
-
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
 {
struct attribute **i;
@@ -358,11 +347,14 @@ int tpm_chip_register(struct tpm_chip *chip)
if (rc)
return rc;
 
+   chip->bios_dir = tpm_bios_log_setup(chip);
+
tpm_add_ppi(chip);
 
rc = tpm_add_char_device(chip);
if (rc) {
-   tpm1_chip_unregister(chip);
+   if (chip->bios_dir)
+   tpm_bios_log_teardown(chip);
return rc;
}
 
@@ -398,7 +390,9 @@ void tpm_chip_unregister(struct tpm_chip *chip)
 
tpm_del_legacy_sysfs(chip);
 
-   tpm1_chip_unregister(chip);
+   if (chip->bios_dir)
+   tpm_bios_log_teardown(chip);
+
tpm_del_char_device(chip);
 }
 EXPORT_SYMBOL_GPL(tpm_chip_unregister);
diff --git a/drivers/char/tpm/tpm2.h b/drivers/char/tpm/tpm2.h
new file mode 100644
index 000..0b1a871a
--- /dev/null
+++ b/drivers/char/tpm/tpm2.h
@@ -0,0 +1,75 @@
+#ifndef __TPM2_H__
+#define __TPM2_H__
+
+#define TPM_ALG_SHA1_DIGEST_SIZE   20
+#define TPM_ALG_SHA256_DIGEST_SIZE 32
+#define TPM_ALG_SHA384_DIGEST_SIZE 48
+
+#define HASH_COUNT 3
+#define MAX_TPM_LOG_MSG128
+
+extern const struct seq_operations tpm2_binary_b_measurments_seqops;
+
+/* Event log header algorithm spec. */
+struct tcg_efispecideventalgorithmsize {
+   u16 algorithm_id;
+   u16 digest_size;
+} __packed;
+
+/* Event log header data. */
+struct tcg_efispecideventstruct {
+   u8  signature[16];
+   u32 platform_class;
+   u8  spec_version_minor;
+   u8  spec_version_major;
+   u8  spec_errata;
+   u8  uintnsize;
+   u32 num_algs;
+   struct tcg_efispecideventalgorithmsize  digest_sizes[HASH_COUNT];
+   u8  vendor_info_size;
+   u8  vendor_info[0];
+} __packed;
+
+/* Header entry for eventlog. */
+struct tcg_pcr_event {
+   u32 pcr_index;
+   u32 event_type;
+   u8  digest[20];
+   u32 event_size;
+   u8  event[MAX_TPM_LOG_MSG];
+} __packed;
+
+/* Digest union for crypto agility. */
+union tpmu_ha {
+   u8   sha1[TPM_ALG_SHA1_DIGEST_SIZE];
+   u8   sha256[TPM_ALG_SHA256_DIGEST_SIZE];
+   u8   sha384[TPM_ALG_SHA384_DIGEST_SIZE];
+} __packed;
+
+/* Crypto Agile algorithm and respective digest. */
+struct tpmt_ha {
+   u16 algorithm_id;
+   union tpmu_ha   digest;
+} __packed;
+
+/* Crypto agile digests list. */
+struct tpml_digest_valu
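Review bot: struct tcg_efispecideventstruct sizes digest_sizes[] with the compile-time HASH_COUNT while num_algs is read from the log, so vendor_info_size and vendor_info[] sit at the wrong offset for any log that does not list exactly three algorithms, and a parser that loops to num_algs can run past the array. Treat the algorithm list as variable length and bound num_algs before use. struct tcg_pcr_event has the same problem: event[MAX_TPM_LOG_MSG] is fixed while event_size comes from the log, so check event_size against the buffer before copying or advancing.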

[tpmdd-devel] [PATCH 1/2] TPM2.0: Refactor eventlog init functions for TPM1.2 and

2016-07-29 Thread Nayna Jain
Refactored eventlog.c file into tpm_eventlog.c and tpm_eventlog_init.c

Breakdown is:

* tpm_eventlog_init.c : Moved eventlog initialization methods, such as
those to set up securityfs and to open and release the seqfile, from
tpm_eventlog.c to this file. This is to keep the initialization logic
for TPM1.2 and TPM2.0 in a common file.

* tpm_eventlog.c : This file now has only methods specific to parsing
and iterating over TPM1.2 entry log formats. It can understand only TPM1.2
and is called by methods in tpm_eventlog_init if the identified TPM device
is TPM1.2.

Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
---
 drivers/char/tpm/Makefile|   4 +-
 drivers/char/tpm/tpm_eventlog.c  | 156 +
 drivers/char/tpm/tpm_eventlog.h  |   3 +
 drivers/char/tpm/tpm_eventlog_init.c | 183 +++
 4 files changed, 192 insertions(+), 154 deletions(-)
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a385fb8..9136762 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -6,10 +6,10 @@ tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o 
tpm2-cmd.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o
 
 ifdef CONFIG_ACPI
-   tpm-y += tpm_eventlog.o tpm_acpi.o
+   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_acpi.o
 else
 ifdef CONFIG_TCG_IBMVTPM
-   tpm-y += tpm_eventlog.o tpm_of.o
+   tpm-y += tpm_eventlog_init.o tpm_eventlog.o tpm_of.o
 endif
 endif
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index e722886..b8f22ec 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005, 2012 IBM Corporation
+ * Copyright (C) 2005, 2012, 2016 IBM Corporation
  *
  * Authors:
  * Kent Yoder <k...@linux.vnet.ibm.com>
@@ -11,6 +11,7 @@
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
  * Access to the eventlog created by a system's firmware / BIOS
+ * specific to TPM 1.2.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -257,20 +258,6 @@ static int tpm_binary_bios_measurements_show(struct 
seq_file *m, void *v)
 
 }
 
-static int tpm_bios_measurements_release(struct inode *inode,
-struct file *file)
-{
-   struct seq_file *seq = file->private_data;
-   struct tpm_bios_log *log = seq->private;
-
-   if (log) {
-   kfree(log->bios_event_log);
-   kfree(log);
-   }
-
-   return seq_release(inode, file);
-}
-
 static int tpm_ascii_bios_measurements_show(struct seq_file *m, void *v)
 {
int len = 0;
@@ -304,151 +291,16 @@ static int tpm_ascii_bios_measurements_show(struct 
seq_file *m, void *v)
return 0;
 }
 
-static const struct seq_operations tpm_ascii_b_measurments_seqops = {
+const struct seq_operations tpm_ascii_b_measurments_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_ascii_bios_measurements_show,
 };
 
-static const struct seq_operations tpm_binary_b_measurments_seqops = {
+const struct seq_operations tpm_binary_b_measurments_seqops = {
.start = tpm_bios_measurements_start,
.next = tpm_bios_measurements_next,
.stop = tpm_bios_measurements_stop,
.show = tpm_binary_bios_measurements_show,
 };
-
-static int tpm_ascii_bios_measurements_open(struct inode *inode,
-   struct file *file)
-{
-   int err;
-   struct tpm_bios_log *log;
-   struct seq_file *seq;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   if ((err = read_log(log)))
-   goto out_free;
-
-   /* now register seq file */
-   err = seq_open(file, _ascii_b_measurments_seqops);
-   if (!err) {
-   seq = file->private_data;
-   seq->private = log;
-   } else {
-   goto out_free;
-   }
-
-out:
-   return err;
-out_free:
-   kfree(log->bios_event_log);
-   kfree(log);
-   goto out;
-}
-
-static const struct file_operations tpm_ascii_bios_measurements_ops = {
-   .open = tpm_ascii_bios_measurements_open,
-   .read = seq_read,
-   .llseek = seq_lseek,
-   .release = tpm_bios_measurements_release,
-};
-
-static int tpm_binary_bios_measurements_open(struct inode *inode,
-struct file *file)
-{
-   int err;
-   struct tpm_bios_log *log;
-   struct seq_file *seq;
-
-   log = kzalloc(sizeof(struct tpm_bios_log), GFP_KERNEL);
-   if (!log)
-   return -ENOMEM;
-
-   if ((err = read_log(log)))
-  
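Review bot: dropping `static` from tpm_ascii_b_measurments_seqops and tpm_binary_b_measurments_seqops makes the misspelled "measurments" part of a cross-file interface. Rename both to ..._measurements_seqops in this patch, before other files start referring to them, and declare them in tpm_eventlog.h.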

[tpmdd-devel] [PATCH 0/2] Cover Letter - TPM2.0: Add securityfs support for

2016-07-29 Thread Nayna Jain
Overview:
=========
Patch adds support for enabling securityfs for TPM2.0.
The patch currently adds support for only binary_bios_measurements.

The structure for TPM2.0 is compliant with TCG Spec for 2.0 family.
Also, the reading of data has the assumption that writer would have
followed TCG Spec and so everything is in little-endian.

The tpm device driver code has been refactored to:
* Identify the TPM version - 1.2 or 2.0
* Call corresponding compatible seq_ops for iterating over eventlog.

Files Description:
==================

* tpm-chip.c : Adds call to setup bios log for TPM2.0.

* tpm2_of.c : Reads the device tree entries to find the location
and size of event.

* tpm_eventlog_init.c : Provides common initialization functions
 between TPM2.0 and TPM1.2 to setup securityfs entries and seq_ops
 iterator.  The functions have been moved from tpm_eventlog.c into this file.

* tpm_eventlog.c : Provides functions only specific to TPM1.2
version. Common initialization functions are moved to tpm_eventlog_init.c

* tpm2_eventlog.c : Provides functions specific only for TPM2.0
eventlog format.

* tpm2.h : Header file for TPM2.0 structures and functions.

Nayna Jain (2):
  TPM2.0: Refactor eventlog methods.
  TPM2.0:Adds securityfs support for TPM2.0 eventlog

 drivers/char/tpm/Makefile|   8 +-
 drivers/char/tpm/tpm-chip.c  |  20 ++--
 drivers/char/tpm/tpm2.h  |  75 
 drivers/char/tpm/tpm2_eventlog.c | 224 +++
 drivers/char/tpm/tpm2_of.c   |  77 
 drivers/char/tpm/tpm_eventlog.c  | 156 +---
 drivers/char/tpm/tpm_eventlog.h  |  13 +-
 drivers/char/tpm/tpm_eventlog_init.c | 216 +
 8 files changed, 617 insertions(+), 172 deletions(-)
 create mode 100644 drivers/char/tpm/tpm2.h
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c
 create mode 100644 drivers/char/tpm/tpm2_of.c
 create mode 100644 drivers/char/tpm/tpm_eventlog_init.c

-- 
2.5.0

